Action not permitted
Modal body text goes here.
CVE-2022-46175
Vulnerability from cvelistv5
▼ | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/json5/json5/issues/199 | Issue Tracking, Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/json5/json5/issues/295 | Issue Tracking, Third Party Advisory | |
security-advisories@github.com | https://github.com/json5/json5/pull/298 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h | Exploit, Third Party Advisory | |
security-advisories@github.com | https://lists.debian.org/debian-lts-announce/2023/11/msg00021.html | ||
security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3S26TLPLVFAJTUN3VIXFDEBEXDYO22CE/ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:24:03.459Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h" }, { "tags": [ "x_transferred" ], "url": "https://github.com/json5/json5/issues/199" }, { "tags": [ "x_transferred" ], "url": "https://github.com/json5/json5/issues/295" }, { "tags": [ "x_transferred" ], "url": "https://github.com/json5/json5/pull/298" }, { "name": "FEDORA-2023-e7297a4aeb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3S26TLPLVFAJTUN3VIXFDEBEXDYO22CE/" }, { "name": "[debian-lts-announce] 20231125 [SECURITY] [DLA 3665-1] node-json5 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00021.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "json5", "vendor": "json5", "versions": [ { "status": "affected", "version": "\u003c 2.2.2" } ] } ], "descriptions": [ { "lang": "en", "value": "JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution. `JSON5.parse` should restrict parsing of `__proto__` keys when parsing JSON strings to objects. As a point of reference, the `JSON.parse` method included in JavaScript ignores `__proto__` keys. Simply changing `JSON5.parse` to `JSON.parse` in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1.0.2, 2.2.2, and later." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1321", "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-26T00:06:12.132080", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h" }, { "url": "https://github.com/json5/json5/issues/199" }, { "url": "https://github.com/json5/json5/issues/295" }, { "url": "https://github.com/json5/json5/pull/298" }, { "name": "FEDORA-2023-e7297a4aeb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3S26TLPLVFAJTUN3VIXFDEBEXDYO22CE/" }, { "name": "[debian-lts-announce] 20231125 [SECURITY] [DLA 3665-1] node-json5 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00021.html" } ], "source": { "advisory": "GHSA-9c47-m6qq-7p4h", "discovery": "UNKNOWN" } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-46175", "datePublished": "2022-12-24T00:00:00", "dateReserved": "2022-11-28T00:00:00", "dateUpdated": "2024-08-03T14:24:03.459Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-46175\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-12-24T04:15:08.787\",\"lastModified\":\"2023-11-26T01:15:07.177\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution. `JSON5.parse` should restrict parsing of `__proto__` keys when parsing JSON strings to objects. As a point of reference, the `JSON.parse` method included in JavaScript ignores `__proto__` keys. Simply changing `JSON5.parse` to `JSON.parse` in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1.0.2, 2.2.2, and later.\"},{\"lang\":\"es\",\"value\":\"JSON5 es una extensi\u00f3n del popular formato de archivo JSON que pretende ser m\u00e1s f\u00e1cil de escribir y mantener a mano (por ejemplo, para archivos de configuraci\u00f3n). El m\u00e9todo `parse` de la librer\u00eda JSON5 anterior a las versiones 1.0.1 y 2.2.1 incluida no restringe el an\u00e1lisis de claves denominadas `__proto__`, lo que permite que cadenas especialmente manipuladas contaminen el prototipo del objeto resultante. Esta vulnerabilidad contamina el prototipo del objeto devuelto por `JSON5.parse` y no el prototipo de objeto global, que es la definici\u00f3n com\u00fanmente entendida de contaminaci\u00f3n de prototipo. Sin embargo, contaminar el prototipo de un \u00fanico objeto puede tener un impacto significativo en la seguridad de una aplicaci\u00f3n si el objeto se utiliza posteriormente en operaciones confiables. Esta vulnerabilidad podr\u00eda permitir a un atacante establecer claves arbitrarias e inesperadas en el objeto devuelto por `JSON5.parse`. El impacto real depender\u00e1 de c\u00f3mo las aplicaciones utilicen el objeto devuelto y de c\u00f3mo filtren las claves no deseadas, pero podr\u00eda incluir Denegaci\u00f3n de Servicio (DoS), Cross-Site Scripting (XSS), elevaci\u00f3n de privilegios y, en casos extremos, ejecuci\u00f3n remota de c\u00f3digo. `JSON5.parse` deber\u00eda restringir el an\u00e1lisis de claves `__proto__` al analizar cadenas JSON en objetos. Como punto de referencia, el m\u00e9todo `JSON.parse` incluido en JavaScript ignora las claves `__proto__`. Simplemente cambiar `JSON5.parse` por `JSON.parse` en los ejemplos anteriores mitiga esta vulnerabilidad. Esta vulnerabilidad est\u00e1 parcheada en las versiones 1.0.2, 2.2.2 y posteriores de json5.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.5}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1321\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:json5:json5:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"1.0.2\",\"matchCriteriaId\":\"7F98563A-9DCE-49C6-A85E-B31001233BEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:json5:json5:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.2.2\",\"matchCriteriaId\":\"B3608343-A29B-4A05-BE15-9367DF89AE54\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}]}]}],\"references\":[{\"url\":\"https://github.com/json5/json5/issues/199\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/json5/json5/issues/295\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/json5/json5/pull/298\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/11/msg00021.html\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3S26TLPLVFAJTUN3VIXFDEBEXDYO22CE/\",\"source\":\"security-advisories@github.com\"}]}}" } }
wid-sec-w-2023-2229
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, authentifizierter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen, seine Privilegien zu erweitern und weitere, nicht spezifizierte Auswirkungen zu verursachen.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- MacOS X\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2229 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2229.json" }, { "category": "self", "summary": "WID-SEC-2023-2229 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2229" }, { "category": "external", "summary": "Splunk Security Advisory vom 2023-08-30", "url": "https://advisory.splunk.com//advisories/SVD-2023-0801" }, { "category": "external", "summary": "Splunk Security Advisory vom 2023-08-30", "url": "https://advisory.splunk.com//advisories/SVD-2023-0802" }, { "category": "external", "summary": "Splunk Security Advisory vom 2023-08-30", "url": "https://advisory.splunk.com//advisories/SVD-2023-0803" }, { "category": "external", "summary": "Splunk Security Advisory vom 2023-08-30", "url": "https://advisory.splunk.com//advisories/SVD-2023-0804" }, { "category": "external", "summary": "Splunk Security Advisory vom 2023-08-30", "url": "https://advisory.splunk.com//advisories/SVD-2023-0805" }, { "category": "external", "summary": "Splunk Security Advisory vom 2023-08-30", "url": "https://advisory.splunk.com//advisories/SVD-2023-0806" }, { "category": "external", "summary": "Splunk Security Advisory vom 2023-08-30", "url": "https://advisory.splunk.com//advisories/SVD-2023-0807" }, { "category": "external", "summary": "Splunk Security Advisory vom 2023-08-30", "url": "https://advisory.splunk.com//advisories/SVD-2023-0808" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0196-1 vom 2024-01-23", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017743.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-2988 vom 2024-05-28", "url": "https://linux.oracle.com/errata/ELSA-2024-2988.html" } ], "source_lang": "en-US", "title": "Splunk Splunk Enterprise: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-05-28T22:00:00.000+00:00", "generator": { "date": "2024-05-29T08:07:49.870+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-2229", "initial_release_date": "2023-08-30T22:00:00.000+00:00", "revision_history": [ { "date": "2023-08-30T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-01-23T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-05-28T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Oracle Linux aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c9.1.1", "product": { "name": "Splunk Splunk Enterprise \u003c9.1.1", "product_id": "T029634", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:9.1.1" } } }, { "category": "product_version_range", "name": "\u003c9.0.6", "product": { "name": "Splunk Splunk Enterprise \u003c9.0.6", "product_id": "T029635", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:9.0.6" } } }, { "category": "product_version_range", "name": "\u003c8.2.12", "product": { "name": "Splunk Splunk Enterprise \u003c8.2.12", "product_id": "T029636", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:8.2.12" } } } ], "category": "product_name", "name": "Splunk Enterprise" } ], "category": "vendor", "name": "Splunk" } ] }, "vulnerabilities": [ { "cve": "CVE-2013-7489", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2013-7489" }, { "cve": "CVE-2018-10237", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2018-10237" }, { "cve": "CVE-2018-20225", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2018-20225" }, { "cve": "CVE-2019-20454", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2019-20454" }, { "cve": "CVE-2019-20838", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2019-20838" }, { "cve": "CVE-2020-14155", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-14155" }, { "cve": "CVE-2020-28469", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-28469" }, { "cve": "CVE-2020-28851", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-28851" }, { "cve": "CVE-2020-29652", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-29652" }, { "cve": "CVE-2020-8169", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-8169" }, { "cve": "CVE-2020-8177", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-8177" }, { "cve": "CVE-2020-8231", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-8231" }, { "cve": "CVE-2020-8284", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-8284" }, { "cve": "CVE-2020-8285", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-8285" }, { "cve": "CVE-2020-8286", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-8286" }, { "cve": "CVE-2020-8908", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-8908" }, { "cve": "CVE-2021-20066", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-20066" }, { "cve": "CVE-2021-22569", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22569" }, { "cve": "CVE-2021-22876", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22876" }, { "cve": "CVE-2021-22890", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22890" }, { "cve": "CVE-2021-22897", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22897" }, { "cve": "CVE-2021-22898", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22898" }, { "cve": "CVE-2021-22901", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22901" }, { "cve": "CVE-2021-22922", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22922" }, { "cve": "CVE-2021-22923", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22923" }, { "cve": "CVE-2021-22924", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22924" }, { "cve": "CVE-2021-22925", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22925" }, { "cve": "CVE-2021-22926", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22926" }, { "cve": "CVE-2021-22945", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22945" }, { "cve": "CVE-2021-22946", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22946" }, { "cve": "CVE-2021-22947", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22947" }, { "cve": "CVE-2021-23343", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-23343" }, { "cve": "CVE-2021-23382", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-23382" }, { "cve": "CVE-2021-27918", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-27918" }, { "cve": "CVE-2021-27919", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-27919" }, { "cve": "CVE-2021-29060", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-29060" }, { "cve": "CVE-2021-29425", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-29425" }, { "cve": "CVE-2021-29923", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-29923" }, { "cve": "CVE-2021-31525", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-31525" }, { "cve": "CVE-2021-31566", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-31566" }, { "cve": "CVE-2021-33194", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-33194" }, { "cve": "CVE-2021-33195", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-33195" }, { "cve": "CVE-2021-33196", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-33196" }, { "cve": "CVE-2021-33197", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-33197" }, { "cve": "CVE-2021-33198", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-33198" }, { "cve": "CVE-2021-34558", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-34558" }, { "cve": "CVE-2021-3520", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-3520" }, { "cve": "CVE-2021-3572", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-3572" }, { "cve": "CVE-2021-36221", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-36221" }, { "cve": "CVE-2021-36976", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-36976" }, { "cve": "CVE-2021-3803", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-3803" }, { "cve": "CVE-2021-38297", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-38297" }, { "cve": "CVE-2021-38561", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-38561" }, { "cve": "CVE-2021-39293", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-39293" }, { "cve": "CVE-2021-41182", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-41182" }, { "cve": "CVE-2021-41183", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-41183" }, { "cve": "CVE-2021-41184", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-41184" }, { "cve": "CVE-2021-41771", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-41771" }, { "cve": "CVE-2021-41772", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-41772" }, { "cve": "CVE-2021-43565", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-43565" }, { "cve": "CVE-2021-44716", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-44716" }, { "cve": "CVE-2021-44717", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-44717" }, { "cve": "CVE-2022-1705", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-1705" }, { "cve": "CVE-2022-1941", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-1941" }, { "cve": "CVE-2022-1962", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-1962" }, { "cve": "CVE-2022-22576", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-22576" }, { "cve": "CVE-2022-2309", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-2309" }, { "cve": "CVE-2022-23491", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-23491" }, { "cve": "CVE-2022-23772", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-23772" }, { "cve": "CVE-2022-23773", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-23773" }, { "cve": "CVE-2022-23806", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-23806" }, { "cve": "CVE-2022-24675", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-24675" }, { "cve": "CVE-2022-24921", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-24921" }, { "cve": "CVE-2022-24999", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-24999" }, { "cve": "CVE-2022-25881", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-25881" }, { "cve": "CVE-2022-27191", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27191" }, { "cve": "CVE-2022-27536", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27536" }, { "cve": "CVE-2022-27664", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27664" }, { "cve": "CVE-2022-27774", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27774" }, { "cve": "CVE-2022-27775", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27775" }, { "cve": "CVE-2022-27776", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27776" }, { "cve": "CVE-2022-27778", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27778" }, { "cve": "CVE-2022-27779", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27779" }, { "cve": "CVE-2022-27780", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27780" }, { "cve": "CVE-2022-27781", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27781" }, { "cve": "CVE-2022-27782", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27782" }, { "cve": "CVE-2022-28131", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-28131" }, { "cve": "CVE-2022-28327", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-28327" }, { "cve": "CVE-2022-2879", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-2879" }, { "cve": "CVE-2022-2880", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-2880" }, { "cve": "CVE-2022-29526", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-29526" }, { "cve": "CVE-2022-29804", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-29804" }, { "cve": "CVE-2022-30115", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30115" }, { "cve": "CVE-2022-30580", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30580" }, { "cve": "CVE-2022-30629", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30629" }, { "cve": "CVE-2022-30630", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30630" }, { "cve": "CVE-2022-30631", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30631" }, { "cve": "CVE-2022-30632", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30632" }, { "cve": "CVE-2022-30633", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30633" }, { "cve": "CVE-2022-30634", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30634" }, { "cve": "CVE-2022-30635", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30635" }, { "cve": "CVE-2022-31129", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-31129" }, { "cve": "CVE-2022-3171", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-3171" }, { "cve": "CVE-2022-32148", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-32148" }, { "cve": "CVE-2022-32149", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-32149" }, { "cve": "CVE-2022-32189", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-32189" }, { "cve": "CVE-2022-32205", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-32205" }, { "cve": "CVE-2022-32206", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-32206" }, { "cve": "CVE-2022-32207", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-32207" }, { "cve": "CVE-2022-32208", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-32208" }, { "cve": "CVE-2022-32221", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-32221" }, { "cve": "CVE-2022-33987", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-33987" }, { "cve": "CVE-2022-3509", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-3509" }, { "cve": "CVE-2022-3510", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-3510" }, { "cve": "CVE-2022-3517", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-3517" }, { "cve": "CVE-2022-35252", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-35252" }, { "cve": "CVE-2022-35260", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-35260" }, { "cve": "CVE-2022-35737", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-35737" }, { "cve": "CVE-2022-36227", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-36227" }, { "cve": "CVE-2022-37599", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-37599" }, { "cve": "CVE-2022-37601", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-37601" }, { "cve": "CVE-2022-37603", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-37603" }, { "cve": "CVE-2022-38900", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-38900" }, { "cve": "CVE-2022-40023", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-40023" }, { "cve": "CVE-2022-40897", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-40897" }, { "cve": "CVE-2022-40899", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-40899" }, { "cve": "CVE-2022-41715", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-41715" }, { "cve": "CVE-2022-41716", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-41716" }, { "cve": "CVE-2022-41720", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-41720" }, { "cve": "CVE-2022-41722", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-41722" }, { "cve": "CVE-2022-42003", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-42003" }, { "cve": "CVE-2022-42004", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-42004" }, { "cve": "CVE-2022-42915", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-42915" }, { "cve": "CVE-2022-42916", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-42916" }, { "cve": "CVE-2022-43551", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-43551" }, { "cve": "CVE-2022-43552", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-43552" }, { "cve": "CVE-2022-46175", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-46175" }, { "cve": "CVE-2023-23914", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-23914" }, { "cve": "CVE-2023-23915", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-23915" }, { "cve": "CVE-2023-23916", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-23916" }, { "cve": "CVE-2023-24539", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-24539" }, { "cve": "CVE-2023-24540", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-24540" }, { "cve": "CVE-2023-27533", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-27533" }, { "cve": "CVE-2023-27534", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-27534" }, { "cve": "CVE-2023-27535", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-27535" }, { "cve": "CVE-2023-27536", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-27536" }, { "cve": "CVE-2023-27537", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-27537" }, { "cve": "CVE-2023-27538", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-27538" }, { "cve": "CVE-2023-29400", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-29400" }, { "cve": "CVE-2023-29402", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-29402" }, { "cve": "CVE-2023-29403", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-29403" }, { "cve": "CVE-2023-29404", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-29404" }, { "cve": "CVE-2023-29405", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-29405" }, { "cve": "CVE-2023-40592", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-40592" }, { "cve": "CVE-2023-40593", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-40593" }, { "cve": "CVE-2023-40594", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-40594" }, { "cve": "CVE-2023-40595", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-40595" }, { "cve": "CVE-2023-40596", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-40596" }, { "cve": "CVE-2023-40597", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-40597" }, { "cve": "CVE-2023-40598", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-40598" } ] }
wid-sec-w-2023-1350
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise in diversen Komponenten von Drittanbietern ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-1350 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1350.json" }, { "category": "self", "summary": "WID-SEC-2023-1350 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1350" }, { "category": "external", "summary": "Splunk Enterprise Security Advisory SVD-2023-0613 vom 2023-06-01", "url": "https://advisory.splunk.com/advisories/SVD-2023-0613" }, { "category": "external", "summary": "IBM Security Bulletin 7008449 vom 2023-06-29", "url": "https://www.ibm.com/support/pages/node/7008449" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0196-1 vom 2024-01-23", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017743.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0487-1 vom 2024-02-15", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017931.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0486-1 vom 2024-02-15", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017932.html" } ], "source_lang": "en-US", "title": "Splunk Splunk Enterprise: Mehrere Schwachstellen in Komponenten von Drittanbietern", "tracking": { "current_release_date": "2024-02-15T23:00:00.000+00:00", "generator": { "date": "2024-02-16T09:06:57.360+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-1350", "initial_release_date": "2023-06-01T22:00:00.000+00:00", "revision_history": [ { "date": "2023-06-01T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-06-29T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2024-01-23T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-02-15T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von SUSE aufgenommen" } ], "status": "final", "version": "4" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "IBM DB2", "product": { "name": "IBM DB2", "product_id": "5104", "product_identification_helper": { "cpe": "cpe:/a:ibm:db2:-" } } } ], "category": "vendor", "name": "IBM" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c 8.1.14", "product": { "name": "Splunk Splunk Enterprise \u003c 8.1.14", "product_id": "T027935", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:8.1.14" } } }, { "category": "product_version_range", "name": "\u003c 8.2.11", "product": { "name": "Splunk Splunk Enterprise \u003c 8.2.11", "product_id": "T027936", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:8.2.11" } } }, { "category": "product_version_range", "name": "\u003c 9.0.5", "product": { "name": "Splunk Splunk Enterprise \u003c 9.0.5", "product_id": "T027937", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:9.0.5" } } } ], "category": "product_name", "name": "Splunk Enterprise" } ], "category": "vendor", "name": "Splunk" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-27538", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2023-27538" }, { "cve": "CVE-2023-27537", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2023-27537" }, { "cve": "CVE-2023-27536", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2023-27536" }, { "cve": "CVE-2023-27535", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2023-27535" }, { "cve": "CVE-2023-27534", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2023-27534" }, { "cve": "CVE-2023-27533", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2023-27533" }, { "cve": "CVE-2023-23916", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2023-23916" }, { "cve": "CVE-2023-23915", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2023-23915" }, { "cve": "CVE-2023-23914", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2023-23914" }, { "cve": "CVE-2023-1370", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2023-1370" }, { "cve": "CVE-2023-0286", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2023-0286" }, { "cve": "CVE-2023-0215", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2023-0215" }, { "cve": "CVE-2022-46175", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-46175" }, { "cve": "CVE-2022-43680", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-43680" }, { "cve": "CVE-2022-43552", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-43552" }, { "cve": "CVE-2022-43551", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-43551" }, { "cve": "CVE-2022-4304", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-4304" }, { "cve": "CVE-2022-42916", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-42916" }, { "cve": "CVE-2022-42915", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-42915" }, { "cve": "CVE-2022-42004", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-42004" }, { "cve": "CVE-2022-4200", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-4200" }, { "cve": "CVE-2022-41720", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-41720" }, { "cve": "CVE-2022-41716", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-41716" }, { "cve": "CVE-2022-41715", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-41715" }, { "cve": "CVE-2022-40304", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-40304" }, { "cve": "CVE-2022-40303", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-40303" }, { "cve": "CVE-2022-40023", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-40023" }, { "cve": "CVE-2022-38900", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-38900" }, { "cve": "CVE-2022-37616", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-37616" }, { "cve": "CVE-2022-37603", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-37603" }, { "cve": "CVE-2022-37601", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-37601" }, { "cve": "CVE-2022-37599", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-37599" }, { "cve": "CVE-2022-37434", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-37434" }, { "cve": "CVE-2022-36227", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-36227" }, { "cve": "CVE-2022-35737", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-35737" }, { "cve": "CVE-2022-35260", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-35260" }, { "cve": "CVE-2022-35252", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-35252" }, { "cve": "CVE-2022-3517", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-3517" }, { "cve": "CVE-2022-33987", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-33987" }, { "cve": "CVE-2022-32221", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-32221" }, { "cve": "CVE-2022-32208", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-32208" }, { "cve": "CVE-2022-32207", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-32207" }, { "cve": "CVE-2022-32206", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-32206" }, { "cve": "CVE-2022-32205", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-32205" }, { "cve": "CVE-2022-32189", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-32189" }, { "cve": "CVE-2022-32148", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-32148" }, { "cve": "CVE-2022-31129", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-31129" }, { "cve": "CVE-2022-30635", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-30635" }, { "cve": "CVE-2022-30634", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-30634" }, { "cve": "CVE-2022-30633", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-30633" }, { "cve": "CVE-2022-30632", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-30632" }, { "cve": "CVE-2022-30631", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-30631" }, { "cve": "CVE-2022-30630", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-30630" }, { "cve": "CVE-2022-30629", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-30629" }, { "cve": "CVE-2022-30580", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-30580" }, { "cve": "CVE-2022-30115", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-30115" }, { "cve": "CVE-2022-29804", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-29804" }, { "cve": "CVE-2022-29526", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-29526" }, { "cve": "CVE-2022-2880", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-2880" }, { "cve": "CVE-2022-2879", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-2879" }, { "cve": "CVE-2022-28327", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-28327" }, { "cve": "CVE-2022-28131", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-28131" }, { "cve": "CVE-2022-27782", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-27782" }, { "cve": "CVE-2022-27781", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-27781" }, { "cve": "CVE-2022-27780", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-27780" }, { "cve": "CVE-2022-27779", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-27779" }, { "cve": "CVE-2022-27778", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-27778" }, { "cve": "CVE-2022-27776", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-27776" }, { "cve": "CVE-2022-27775", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-27775" }, { "cve": "CVE-2022-27774", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-27774" }, { "cve": "CVE-2022-27664", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-27664" }, { "cve": "CVE-2022-27191", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-27191" }, { "cve": "CVE-2022-25858", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-25858" }, { "cve": "CVE-2022-24999", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-24999" }, { "cve": "CVE-2022-24921", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-24921" }, { "cve": "CVE-2022-24675", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-24675" }, { "cve": "CVE-2022-23806", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-23806" }, { "cve": "CVE-2022-23773", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-23773" }, { "cve": "CVE-2022-23772", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-23772" }, { "cve": "CVE-2022-23491", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-23491" }, { "cve": "CVE-2022-22576", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-22576" }, { "cve": "CVE-2022-1962", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-1962" }, { "cve": "CVE-2022-1705", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-1705" }, { "cve": "CVE-2021-43565", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-43565" }, { "cve": "CVE-2021-3803", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-3803" }, { "cve": "CVE-2021-36976", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-36976" }, { "cve": "CVE-2021-3520", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-3520" }, { "cve": "CVE-2021-33587", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-33587" }, { "cve": "CVE-2021-33503", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-33503" }, { "cve": "CVE-2021-33502", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-33502" }, { "cve": "CVE-2021-31566", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-31566" }, { "cve": "CVE-2021-29060", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-29060" }, { "cve": "CVE-2021-27292", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-27292" }, { "cve": "CVE-2021-23382", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-23382" }, { "cve": "CVE-2021-23368", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-23368" }, { "cve": "CVE-2021-23343", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-23343" }, { "cve": "CVE-2021-22947", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22947" }, { "cve": "CVE-2021-22946", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22946" }, { "cve": "CVE-2021-22945", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22945" }, { "cve": "CVE-2021-22926", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22926" }, { "cve": "CVE-2021-22925", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22925" }, { "cve": "CVE-2021-22924", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22924" }, { "cve": "CVE-2021-22923", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22923" }, { "cve": "CVE-2021-22922", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22922" }, { "cve": "CVE-2021-22901", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22901" }, { "cve": "CVE-2021-22898", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22898" }, { "cve": "CVE-2021-22897", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22897" }, { "cve": "CVE-2021-22890", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22890" }, { "cve": "CVE-2021-22876", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22876" }, { "cve": "CVE-2021-20095", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-20095" }, { "cve": "CVE-2020-8286", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-8286" }, { "cve": "CVE-2020-8285", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-8285" }, { "cve": "CVE-2020-8284", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-8284" }, { "cve": "CVE-2020-8231", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-8231" }, { "cve": "CVE-2020-8203", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-8203" }, { "cve": "CVE-2020-8177", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-8177" }, { "cve": "CVE-2020-8169", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-8169" }, { "cve": "CVE-2020-8116", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-8116" }, { "cve": "CVE-2020-7774", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-7774" }, { "cve": "CVE-2020-7753", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-7753" }, { "cve": "CVE-2020-7662", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-7662" }, { "cve": "CVE-2020-28469", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-28469" }, { "cve": "CVE-2020-15138", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-15138" }, { "cve": "CVE-2020-13822", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-13822" }, { "cve": "CVE-2019-20149", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2019-20149" }, { "cve": "CVE-2019-10746", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2019-10746" }, { "cve": "CVE-2019-10744", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2019-10744" }, { "cve": "CVE-2018-25032", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2018-25032" }, { "cve": "CVE-2017-16042", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2017-16042" } ] }
wid-sec-w-2024-0528
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Data Protection Advisor ist eine Monitoring L\u00f6sung. Der Collector ist der lokale Agent.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in Dell Data Protection Advisor ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Berechtigungen zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0528 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0528.json" }, { "category": "self", "summary": "WID-SEC-2024-0528 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0528" }, { "category": "external", "summary": "Dell Security Advisory DSA-2024-107 vom 2024-02-29", "url": "https://www.dell.com/support/kbdoc/000222618/dsa-2024-=" } ], "source_lang": "en-US", "title": "Dell Data Protection Advisor: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-02-29T23:00:00.000+00:00", "generator": { "date": "2024-03-01T12:07:07.687+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0528", "initial_release_date": "2024-02-29T23:00:00.000+00:00", "revision_history": [ { "date": "2024-02-29T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c 19.10", "product": { "name": "Dell Data Protection Advisor \u003c 19.10", "product_id": "T033198", "product_identification_helper": { "cpe": "cpe:/a:dell:data_protection_advisor:19.10" } } } ], "category": "product_name", "name": "Data Protection Advisor" } ], "category": "vendor", "name": "Dell" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-45648", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2023-45648" }, { "cve": "CVE-2023-42795", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2023-42795" }, { "cve": "CVE-2023-41080", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2023-41080" }, { "cve": "CVE-2023-34055", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2023-34055" }, { "cve": "CVE-2023-28708", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2023-28708" }, { "cve": "CVE-2023-28154", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2023-28154" }, { "cve": "CVE-2023-22081", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2023-22081" }, { "cve": "CVE-2023-22067", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2023-22067" }, { "cve": "CVE-2023-22025", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2023-22025" }, { "cve": "CVE-2023-20883", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2023-20883" }, { "cve": "CVE-2023-20873", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2023-20873" }, { "cve": "CVE-2023-20863", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2023-20863" }, { "cve": "CVE-2023-20861", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2023-20861" }, { "cve": "CVE-2022-46175", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2022-46175" }, { "cve": "CVE-2022-41854", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2022-41854" }, { "cve": "CVE-2022-38752", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2022-38752" }, { "cve": "CVE-2022-38751", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2022-38751" }, { "cve": "CVE-2022-38750", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2022-38750" }, { "cve": "CVE-2022-38749", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2022-38749" }, { "cve": "CVE-2022-37603", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2022-37603" }, { "cve": "CVE-2022-37601", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2022-37601" }, { "cve": "CVE-2022-37599", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2022-37599" }, { "cve": "CVE-2022-31129", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2022-31129" }, { "cve": "CVE-2022-27772", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2022-27772" }, { "cve": "CVE-2022-25881", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2022-25881" }, { "cve": "CVE-2022-25858", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2022-25858" }, { "cve": "CVE-2022-22971", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2022-22971" }, { "cve": "CVE-2022-22970", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2022-22970" }, { "cve": "CVE-2022-22968", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2022-22968" }, { "cve": "CVE-2022-22965", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2022-22965" }, { "cve": "CVE-2022-22950", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2022-22950" }, { "cve": "CVE-2021-43980", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2021-43980" }, { "cve": "CVE-2021-33037", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2021-33037" }, { "cve": "CVE-2021-30640", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2021-30640" }, { "cve": "CVE-2020-5421", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2020-5421" }, { "cve": "CVE-2020-1938", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2020-1938" }, { "cve": "CVE-2020-1935", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2020-1935" }, { "cve": "CVE-2020-13943", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2020-13943" }, { "cve": "CVE-2020-13935", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2020-13935" }, { "cve": "CVE-2020-13934", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2020-13934" }, { "cve": "CVE-2020-11996", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2020-11996" }, { "cve": "CVE-2019-2684", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2019-2684" }, { "cve": "CVE-2019-17563", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2019-17563" }, { "cve": "CVE-2019-12418", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2019-12418" }, { "cve": "CVE-2019-10072", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2019-10072" }, { "cve": "CVE-2019-0232", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2019-0232" }, { "cve": "CVE-2019-0221", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2019-0221" }, { "cve": "CVE-2019-0199", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2019-0199" }, { "cve": "CVE-2018-8037", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2018-8037" }, { "cve": "CVE-2018-8034", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2018-8034" }, { "cve": "CVE-2018-8014", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2018-8014" }, { "cve": "CVE-2018-15756", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2018-15756" }, { "cve": "CVE-2018-1336", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2018-1336" }, { "cve": "CVE-2018-1305", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2018-1305" }, { "cve": "CVE-2018-1304", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2018-1304" }, { "cve": "CVE-2018-1275", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2018-1275" }, { "cve": "CVE-2018-1272", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2018-1272" }, { "cve": "CVE-2018-1271", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2018-1271" }, { "cve": "CVE-2018-1270", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2018-1270" }, { "cve": "CVE-2018-1257", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2018-1257" }, { "cve": "CVE-2018-1199", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2018-1199" }, { "cve": "CVE-2018-1196", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2018-1196" }, { "cve": "CVE-2018-11784", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2018-11784" }, { "cve": "CVE-2018-11040", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2018-11040" }, { "cve": "CVE-2018-11039", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2018-11039" }, { "cve": "CVE-2017-8046", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2017-8046" }, { "cve": "CVE-2017-7675", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2017-7675" }, { "cve": "CVE-2017-7674", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2017-7674" }, { "cve": "CVE-2017-5664", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2017-5664" }, { "cve": "CVE-2017-5651", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2017-5651" }, { "cve": "CVE-2017-5650", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2017-5650" }, { "cve": "CVE-2017-5648", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2017-5648" }, { "cve": "CVE-2017-5647", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2017-5647" }, { "cve": "CVE-2017-18640", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2017-18640" }, { "cve": "CVE-2017-12617", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2017-12617" }, { "cve": "CVE-2016-9878", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2016-9878" }, { "cve": "CVE-2016-8745", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2016-8745" }, { "cve": "CVE-2016-8735", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2016-8735" }, { "cve": "CVE-2016-6817", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2016-6817" }, { "cve": "CVE-2016-6816", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "release_date": "2024-02-29T23:00:00Z", "title": "CVE-2016-6816" } ] }
wid-sec-w-2023-1542
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-1542 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1542.json" }, { "category": "self", "summary": "WID-SEC-2023-1542 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1542" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0139 vom 2024-01-10", "url": "https://access.redhat.com/errata/RHSA-2024:0139" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0143 vom 2024-01-10", "url": "https://access.redhat.com/errata/RHSA-2024:0143" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0137 vom 2024-01-10", "url": "https://access.redhat.com/errata/RHSA-2024:0137" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0121 vom 2024-01-10", "url": "https://access.redhat.com/errata/RHSA-2024:0121" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:7820 vom 2023-12-14", "url": "https://access.redhat.com/errata/RHSA-2023:7820" }, { "category": "external", "summary": "Meinberg Security Advisory", "url": "https://www.meinberg.de/german/news/meinberg-security-advisory-mbgsa-2024-01-lantime-firmware-v7-08-007.htm" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3742 vom 2023-06-22", "url": "https://access.redhat.com/errata/RHSA-2023:3742" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3612 vom 2023-06-23", "url": "https://access.redhat.com/errata/RHSA-2023:3614" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3615 vom 2023-06-22", "url": "https://access.redhat.com/errata/RHSA-2023:3615" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3613 vom 2023-06-27", "url": "https://access.redhat.com/errata/RHSA-2023:3613" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2023-06-29", "url": "https://access.redhat.com/errata/RHSA-2023:3918" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3943 vom 2023-06-29", "url": "https://access.redhat.com/errata/RHSA-2023:3943" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3910 vom 2023-07-06", "url": "https://access.redhat.com/errata/RHSA-2023:3910" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3915 vom 2023-07-06", "url": "https://access.redhat.com/errata/RHSA-2023:3915" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3925 vom 2023-07-06", "url": "https://access.redhat.com/errata/RHSA-2023:3925" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4003 vom 2023-07-10", "url": "https://access.redhat.com/errata/RHSA-2023:4003" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-6CFE7492C1 vom 2023-07-16", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-6cfe7492c1" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-AA7C75ED4A vom 2023-07-16", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-aa7c75ed4a" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4025 vom 2023-07-18", "url": "https://access.redhat.com/errata/RHSA-2023:4025" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4112 vom 2023-07-18", "url": "https://access.redhat.com/errata/RHSA-2023:4112" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4113 vom 2023-07-18", "url": "https://access.redhat.com/errata/RHSA-2023:4113" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4114 vom 2023-07-18", "url": "https://access.redhat.com/errata/RHSA-2023:4114" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4053 vom 2023-07-19", "url": "https://access.redhat.com/errata/RHSA-2023:4053" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4204 vom 2023-07-19", "url": "https://access.redhat.com/errata/RHSA-2023:4204" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4090 vom 2023-07-21", "url": "https://access.redhat.com/errata/RHSA-2023:4090" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4241 vom 2023-07-21", "url": "https://access.redhat.com/errata/RHSA-2023:4241" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4238 vom 2023-07-20", "url": "https://access.redhat.com/errata/RHSA-2023:4238" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4093 vom 2023-07-20", "url": "https://access.redhat.com/errata/RHSA-2023:4093" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4091 vom 2023-07-20", "url": "https://access.redhat.com/errata/RHSA-2023:4091" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4225 vom 2023-07-27", "url": "https://access.redhat.com/errata/RHSA-2023:4225" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4226 vom 2023-07-27", "url": "https://access.redhat.com/errata/RHSA-2023:4226" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4470 vom 2023-08-03", "url": "https://access.redhat.com/errata/RHSA-2023:4470" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4335 vom 2023-08-08", "url": "https://access.redhat.com/errata/RHSA-2023:4335" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4674 vom 2023-08-23", "url": "https://access.redhat.com/errata/RHSA-2023:4674" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4983 vom 2023-09-05", "url": "https://access.redhat.com/errata/RHSA-2023:4983" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:5103 vom 2023-09-12", "url": "https://access.redhat.com/errata/RHSA-2023:5103" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:5233 vom 2023-09-19", "url": "https://access.redhat.com/errata/RHSA-2023:5233" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:5314 vom 2023-09-20", "url": "https://access.redhat.com/errata/RHSA-2023:5314" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:5006 vom 2023-12-30", "url": "https://access.redhat.com/errata/RHSA-2023:5006" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:6316 vom 2023-11-07", "url": "https://access.redhat.com/errata/RHSA-2023:6316" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:7058 vom 2023-11-15", "url": "https://access.redhat.com/errata/RHSA-2023:7058" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:7823 vom 2024-01-05", "url": "https://access.redhat.com/errata/RHSA-2023:7823" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2023-6939 vom 2023-11-21", "url": "https://linux.oracle.com/errata/ELSA-2023-6939.html" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-14A33318B8 vom 2023-12-03", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-14a33318b8" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:7672 vom 2023-12-06", "url": "https://access.redhat.com/errata/RHSA-2023:7672" }, { "category": "external", "summary": "Gentoo Linux Security Advisory GLSA-202405-04 vom 2024-05-04", "url": "https://security.gentoo.org/glsa/202405-04" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2987 vom 2024-05-22", "url": "https://access.redhat.com/errata/RHSA-2024:2987" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3254 vom 2024-05-22", "url": "https://access.redhat.com/errata/RHSA-2024:3254" } ], "source_lang": "en-US", "title": "Red Hat OpenShift: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-05-21T22:00:00.000+00:00", "generator": { "date": "2024-05-22T12:11:49.378+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-1542", "initial_release_date": "2023-06-22T22:00:00.000+00:00", "revision_history": [ { "date": "2023-06-22T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-06-25T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-06-26T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-06-28T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-06-29T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-07-05T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-07-06T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-07-10T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-07-16T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Fedora aufgenommen" }, { "date": "2023-07-17T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-07-18T22:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-07-20T22:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-07-26T22:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-08-03T22:00:00.000+00:00", "number": "14", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-08-07T22:00:00.000+00:00", "number": "15", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-08-23T22:00:00.000+00:00", "number": "16", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-09-05T22:00:00.000+00:00", "number": "17", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-09-12T22:00:00.000+00:00", "number": "18", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-09-19T22:00:00.000+00:00", "number": "19", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-09-20T22:00:00.000+00:00", "number": "20", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-11-07T23:00:00.000+00:00", "number": "21", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-11-14T23:00:00.000+00:00", "number": "22", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-11-21T23:00:00.000+00:00", "number": "23", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2023-12-03T23:00:00.000+00:00", "number": "24", "summary": "Neue Updates von Fedora aufgenommen" }, { "date": "2023-12-06T23:00:00.000+00:00", "number": "25", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-12-13T23:00:00.000+00:00", "number": "26", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-01-01T23:00:00.000+00:00", "number": "27", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-01-04T23:00:00.000+00:00", "number": "28", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-01-10T23:00:00.000+00:00", "number": "29", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-01-30T23:00:00.000+00:00", "number": "30", "summary": "Neue Updates von Meinberg aufgenommen" }, { "date": "2024-05-05T22:00:00.000+00:00", "number": "31", "summary": "Neue Updates von Gentoo aufgenommen" }, { "date": "2024-05-21T22:00:00.000+00:00", "number": "32", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "32" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Fedora Linux", "product": { "name": "Fedora Linux", "product_id": "74185", "product_identification_helper": { "cpe": "cpe:/o:fedoraproject:fedora:-" } } } ], "category": "vendor", "name": "Fedora" }, { "branches": [ { "category": "product_name", "name": "Gentoo Linux", "product": { "name": "Gentoo Linux", "product_id": "T012167", "product_identification_helper": { "cpe": "cpe:/o:gentoo:linux:-" } } } ], "category": "vendor", "name": "Gentoo" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c7.08.007", "product": { "name": "Meinberg LANTIME \u003c7.08.007", "product_id": "T032435", "product_identification_helper": { "cpe": "cpe:/h:meinberg:lantime:7.08.007" } } } ], "category": "product_name", "name": "LANTIME" } ], "category": "vendor", "name": "Meinberg" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "category": "product_version", "name": "Advanced Cluster Security for Kubernetes 4", "product": { "name": "Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4", "product_id": "T027916", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4" } } }, { "category": "product_version", "name": "Service Interconnect 1", "product": { "name": "Red Hat Enterprise Linux Service Interconnect 1", "product_id": "T028472", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:service_interconnect_1" } } } ], "category": "product_name", "name": "Enterprise Linux" }, { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift", "product": { "name": "Red Hat OpenShift", "product_id": "T008027", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:-" } } }, { "category": "product_version", "name": "Container Platform 4.12", "product": { "name": "Red Hat OpenShift Container Platform 4.12", "product_id": "T026435", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform_4.12" } } }, { "category": "product_version_range", "name": "Container Platform \u003c4.13.4", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.13.4", "product_id": "T028225", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.13.4" } } }, { "category": "product_version_range", "name": "Data Foundation \u003c4.13.0", "product": { "name": "Red Hat OpenShift Data Foundation \u003c4.13.0", "product_id": "T028289", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:data_foundation_4.13.0" } } }, { "category": "product_version_range", "name": "Container Platform \u003c4.12.22", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.12.22", "product_id": "T028307", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.12.22" } } }, { "category": "product_version_range", "name": "Container Platform \u003c4.11.44", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.11.44", "product_id": "T028416", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.11.44" } } }, { "category": "product_version_range", "name": "Data Foundation \u003c4.12.10", "product": { "name": "Red Hat OpenShift Data Foundation \u003c4.12.10", "product_id": "T031698", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:data_foundation__4.12.10" } } }, { "category": "product_version_range", "name": "Container Platform \u003c4.14.0", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.14.0", "product_id": "T031839", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.14.0" } } }, { "category": "product_version_range", "name": "Container Platform \u003c4.12.46", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.12.46", "product_id": "T031870", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.12.46" } } } ], "category": "product_name", "name": "OpenShift" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2015-20107", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2015-20107" }, { "cve": "CVE-2018-25032", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2018-25032" }, { "cve": "CVE-2020-10735", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2020-10735" }, { "cve": "CVE-2020-16250", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2020-16250" }, { "cve": "CVE-2020-16251", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2020-16251" }, { "cve": "CVE-2020-17049", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2020-17049" }, { "cve": "CVE-2021-28861", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-28861" }, { "cve": "CVE-2021-3765", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-3765" }, { "cve": "CVE-2021-3807", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-3807" }, { "cve": "CVE-2021-4231", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-4231" }, { "cve": "CVE-2021-4235", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-4235" }, { "cve": "CVE-2021-4238", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-4238" }, { "cve": "CVE-2021-43519", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-43519" }, { "cve": "CVE-2021-43998", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-43998" }, { "cve": "CVE-2021-44531", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-44531" }, { "cve": "CVE-2021-44532", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-44532" }, { "cve": "CVE-2021-44533", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-44533" }, { "cve": "CVE-2021-44964", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-44964" }, { "cve": "CVE-2021-46828", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-46828" }, { "cve": "CVE-2021-46848", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-46848" }, { "cve": "CVE-2022-0670", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-0670" }, { "cve": "CVE-2022-1271", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-1271" }, { "cve": "CVE-2022-1304", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-1304" }, { "cve": "CVE-2022-1348", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-1348" }, { "cve": "CVE-2022-1586", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-1586" }, { "cve": "CVE-2022-1587", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-1587" }, { "cve": "CVE-2022-21824", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-21824" }, { "cve": "CVE-2022-2309", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-2309" }, { "cve": "CVE-2022-23540", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-23540" }, { "cve": "CVE-2022-23541", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-23541" }, { "cve": "CVE-2022-24903", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-24903" }, { "cve": "CVE-2022-2509", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-2509" }, { "cve": "CVE-2022-26280", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-26280" }, { "cve": "CVE-2022-27664", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-27664" }, { "cve": "CVE-2022-2795", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-2795" }, { "cve": "CVE-2022-2879", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-2879" }, { "cve": "CVE-2022-2880", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-2880" }, { "cve": "CVE-2022-28805", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-28805" }, { "cve": "CVE-2022-29154", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-29154" }, { "cve": "CVE-2022-30635", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-30635" }, { "cve": "CVE-2022-3094", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-3094" }, { "cve": "CVE-2022-31129", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-31129" }, { "cve": "CVE-2022-32189", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-32189" }, { "cve": "CVE-2022-32190", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-32190" }, { "cve": "CVE-2022-33099", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-33099" }, { "cve": "CVE-2022-3358", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-3358" }, { "cve": "CVE-2022-34903", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-34903" }, { "cve": "CVE-2022-3515", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-3515" }, { "cve": "CVE-2022-3517", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-3517" }, { "cve": "CVE-2022-35737", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-35737" }, { "cve": "CVE-2022-36227", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-36227" }, { "cve": "CVE-2022-3715", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-3715" }, { "cve": "CVE-2022-3736", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-3736" }, { "cve": "CVE-2022-37434", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-37434" }, { "cve": "CVE-2022-38149", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-38149" }, { "cve": "CVE-2022-3821", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-3821" }, { "cve": "CVE-2022-38900", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-38900" }, { "cve": "CVE-2022-3924", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-3924" }, { "cve": "CVE-2022-40023", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-40023" }, { "cve": "CVE-2022-40303", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-40303" }, { "cve": "CVE-2022-40304", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-40304" }, { "cve": "CVE-2022-40897", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-40897" }, { "cve": "CVE-2022-41316", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-41316" }, { "cve": "CVE-2022-41715", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-41715" }, { "cve": "CVE-2022-41717", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-41717" }, { "cve": "CVE-2022-41723", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-41723" }, { "cve": "CVE-2022-41724", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-41724" }, { "cve": "CVE-2022-41725", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-41725" }, { "cve": "CVE-2022-42010", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-42010" }, { "cve": "CVE-2022-42011", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-42011" }, { "cve": "CVE-2022-42012", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-42012" }, { "cve": "CVE-2022-42898", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-42898" }, { "cve": "CVE-2022-42919", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-42919" }, { "cve": "CVE-2022-43680", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-43680" }, { "cve": "CVE-2022-4415", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-4415" }, { "cve": "CVE-2022-45061", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-45061" }, { "cve": "CVE-2022-45873", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-45873" }, { "cve": "CVE-2022-46175", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-46175" }, { "cve": "CVE-2022-47024", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-47024" }, { "cve": "CVE-2022-47629", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-47629" }, { "cve": "CVE-2022-48303", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-48303" }, { "cve": "CVE-2022-48337", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-48337" }, { "cve": "CVE-2022-48338", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-48338" }, { "cve": "CVE-2022-48339", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-48339" }, { "cve": "CVE-2023-0361", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2023-0361" }, { "cve": "CVE-2023-0620", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2023-0620" }, { "cve": "CVE-2023-0665", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2023-0665" }, { "cve": "CVE-2023-22809", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2023-22809" }, { "cve": "CVE-2023-24329", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2023-24329" }, { "cve": "CVE-2023-2491", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2023-2491" }, { "cve": "CVE-2023-24999", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2023-24999" }, { "cve": "CVE-2023-25000", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2023-25000" }, { "cve": "CVE-2023-25136", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2023-25136" } ] }
wid-sec-w-2023-0328
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder Daten zu manipulieren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-0328 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0328.json" }, { "category": "self", "summary": "WID-SEC-2023-0328 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0328" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:0634 vom 2023-02-09", "url": "https://access.redhat.com/errata/RHSA-2023:0634" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:0934 vom 2023-02-28", "url": "https://access.redhat.com/errata/RHSA-2023:0934" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1047 vom 2023-03-02", "url": "https://access.redhat.com/errata/RHSA-2023:1047" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1045 vom 2023-03-02", "url": "https://access.redhat.com/errata/RHSA-2023:1045" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1044 vom 2023-03-02", "url": "https://access.redhat.com/errata/RHSA-2023:1044" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1043 vom 2023-03-02", "url": "https://access.redhat.com/errata/RHSA-2023:1043" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1049 vom 2023-03-02", "url": "https://access.redhat.com/errata/RHSA-2023:1049" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1428 vom 2023-03-23", "url": "https://access.redhat.com/errata/RHSA-2023:1428" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1743 vom 2023-04-12", "url": "https://access.redhat.com/errata/RHSA-2023:1743" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1742 vom 2023-04-12", "url": "https://access.redhat.com/errata/RHSA-2023:1742" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6758-1 vom 2024-04-30", "url": "https://ubuntu.com/security/notices/USN-6758-1" } ], "source_lang": "en-US", "title": "Red Hat OpenShift: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-05-01T22:00:00.000+00:00", "generator": { "date": "2024-05-02T08:40:58.351+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-0328", "initial_release_date": "2023-02-09T23:00:00.000+00:00", "revision_history": [ { "date": "2023-02-09T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-02-27T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-03-01T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-03-22T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-04-12T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-05-01T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Ubuntu aufgenommen" } ], "status": "final", "version": "6" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "branches": [ { "category": "product_version", "name": "logging", "product": { "name": "Red Hat OpenShift logging", "product_id": "T026215", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:logging" } } } ], "category": "product_name", "name": "OpenShift" } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-35065", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Red Hat OpenShift. Diese besteht in der Komponente \"glob-parent package\". Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T000126", "T026215" ] }, "release_date": "2023-02-09T23:00:00Z", "title": "CVE-2021-35065" }, { "cve": "CVE-2022-46175", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Red Hat OpenShift. Diese besteht in der Komponente \"json5\" und ist auf einen Fehler zur\u00fcckzuf\u00fchren, der eine Prototype Pollution erm\u00f6glicht. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um Daten zu manipulieren." } ], "product_status": { "known_affected": [ "67646", "T000126", "T026215" ] }, "release_date": "2023-02-09T23:00:00Z", "title": "CVE-2022-46175" } ] }
wid-sec-w-2024-0049
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Splunk Enterprise ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0049 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0049.json" }, { "category": "self", "summary": "WID-SEC-2024-0049 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0049" }, { "category": "external", "summary": "Splunk Security Advisory SVD-2024-0101 vom 2024-01-09", "url": "https://advisory.splunk.com//advisories/SVD-2024-0101" }, { "category": "external", "summary": "Splunk Security Advisory SVD-2024-0102 vom 2024-01-09", "url": "https://advisory.splunk.com//advisories/SVD-2024-0102" }, { "category": "external", "summary": "Splunk Security Advisory SVD-2024-0103 vom 2024-01-09", "url": "https://advisory.splunk.com//advisories/SVD-2024-0103" }, { "category": "external", "summary": "Splunk Security Advisory SVD-2024-0104 vom 2024-01-09", "url": "https://advisory.splunk.com//advisories/SVD-2024-0104" }, { "category": "external", "summary": "Splunk Security Advisory SVD-2024-0112 vom 2024-01-30", "url": "https://advisory.splunk.com//advisories/SVD-2024-0112" } ], "source_lang": "en-US", "title": "Splunk Enterprise: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-01-30T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:55:58.265+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0049", "initial_release_date": "2024-01-09T23:00:00.000+00:00", "revision_history": [ { "date": "2024-01-09T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-01-30T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Splunk-SVD aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Splunk Splunk Enterprise Security \u003c 7.3.0", "product": { "name": "Splunk Splunk Enterprise Security \u003c 7.3.0", "product_id": "T031923", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:security__7.3.0" } } }, { "category": "product_name", "name": "Splunk Splunk Enterprise Security \u003c 7.2.0", "product": { "name": "Splunk Splunk Enterprise Security \u003c 7.2.0", "product_id": "T031924", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:security__7.2.0" } } }, { "category": "product_name", "name": "Splunk Splunk Enterprise Security \u003c 7.1.2", "product": { "name": "Splunk Splunk Enterprise Security \u003c 7.1.2", "product_id": "T031925", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:security__7.1.2" } } }, { "category": "product_name", "name": "Splunk Splunk Enterprise UBA \u003c 5.3.0", "product": { "name": "Splunk Splunk Enterprise UBA \u003c 5.3.0", "product_id": "T031926", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:uba__5.3.0" } } }, { "category": "product_name", "name": "Splunk Splunk Enterprise UBA \u003c 5.2.1", "product": { "name": "Splunk Splunk Enterprise UBA \u003c 5.2.1", "product_id": "T031927", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:uba__5.2.1" } } } ], "category": "product_name", "name": "Splunk Enterprise" } ], "category": "vendor", "name": "Splunk" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-45133", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung." } ], "release_date": "2024-01-09T23:00:00Z", "title": "CVE-2023-45133" }, { "cve": "CVE-2023-32695", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung." } ], "release_date": "2024-01-09T23:00:00Z", "title": "CVE-2023-32695" }, { "cve": "CVE-2023-2976", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung." } ], "release_date": "2024-01-09T23:00:00Z", "title": "CVE-2023-2976" }, { "cve": "CVE-2022-46175", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung." } ], "release_date": "2024-01-09T23:00:00Z", "title": "CVE-2022-46175" }, { "cve": "CVE-2022-37603", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung." } ], "release_date": "2024-01-09T23:00:00Z", "title": "CVE-2022-37603" }, { "cve": "CVE-2022-37601", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung." } ], "release_date": "2024-01-09T23:00:00Z", "title": "CVE-2022-37601" }, { "cve": "CVE-2022-37599", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung." } ], "release_date": "2024-01-09T23:00:00Z", "title": "CVE-2022-37599" }, { "cve": "CVE-2022-3510", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung." } ], "release_date": "2024-01-09T23:00:00Z", "title": "CVE-2022-3510" }, { "cve": "CVE-2022-3509", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung." } ], "release_date": "2024-01-09T23:00:00Z", "title": "CVE-2022-3509" }, { "cve": "CVE-2022-3171", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung." } ], "release_date": "2024-01-09T23:00:00Z", "title": "CVE-2022-3171" }, { "cve": "CVE-2022-25883", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung." } ], "release_date": "2024-01-09T23:00:00Z", "title": "CVE-2022-25883" }, { "cve": "CVE-2021-23446", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung." } ], "release_date": "2024-01-09T23:00:00Z", "title": "CVE-2021-23446" }, { "cve": "CVE-2015-5237", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung." } ], "release_date": "2024-01-09T23:00:00Z", "title": "CVE-2015-5237" }, { "cve": "CVE-2024-22165", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese bestehen in der Komponente \"Investigator\" und sind auf Fehler bei der Verarbeitung von Requests und Investigationen zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-01-09T23:00:00Z", "title": "CVE-2024-22165" }, { "cve": "CVE-2024-22164", "notes": [ { "category": "description", "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese bestehen in der Komponente \"Investigator\" und sind auf Fehler bei der Verarbeitung von Requests und Investigationen zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-01-09T23:00:00Z", "title": "CVE-2024-22164" } ] }
rhsa-2024_4631
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Dev Spaces 3.15 has been released.\n\nAll containers have been updated to include feature enhancements, bug fixes and CVE fixes.\n\nFollowing the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\n\nThe 3.15 release is based on Eclipse Che 7.88 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\n\nUsers still using the v1 standard should migrate as soon as possible.\n\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\n\nDev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. \n\nhttps://access.redhat.com/support/policy/updates/openshift#crw", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:4631", "url": "https://access.redhat.com/errata/RHSA-2024:4631" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.15/html/administration_guide/installing-devspaces", "url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.15/html/administration_guide/installing-devspaces" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2022-3064", "url": "https://access.redhat.com/security/cve/CVE-2022-3064" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2022-21698", "url": "https://access.redhat.com/security/cve/CVE-2022-21698" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2022-28948", "url": "https://access.redhat.com/security/cve/CVE-2022-28948" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2022-46175", "url": "https://access.redhat.com/security/cve/CVE-2022-46175" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2023-6378", "url": "https://access.redhat.com/security/cve/CVE-2023-6378" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2023-39325", "url": "https://access.redhat.com/security/cve/CVE-2023-39325" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2023-41080", "url": "https://access.redhat.com/security/cve/CVE-2023-41080" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2023-44487", "url": "https://access.redhat.com/security/cve/CVE-2023-44487" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2023-45288", "url": "https://access.redhat.com/security/cve/CVE-2023-45288" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2023-45648", "url": "https://access.redhat.com/security/cve/CVE-2023-45648" }, { "category": "external", "summary": "CRW-6593", "url": "https://issues.redhat.com/browse/CRW-6593" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4631.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.15.0 release", "tracking": { "current_release_date": "2024-11-08T14:40:22+00:00", "generator": { "date": "2024-11-08T14:40:22+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:4631", "initial_release_date": "2024-07-18T17:11:22+00:00", "revision_history": [ { "date": "2024-07-18T17:11:22+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-07-18T17:11:22+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-08T14:40:22+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Dev Spaces 3", "product": { "name": "Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_devspaces:3::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Dev Spaces" }, { "branches": [ { "category": "product_version", "name": "devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "product": { "name": "devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "product_id": "devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "product_identification_helper": { "purl": "pkg:oci/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.15-4" } } }, { "category": "product_version", "name": "devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "product": { "name": "devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "product_id": "devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "product_identification_helper": { "purl": "pkg:oci/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.15-2" } } }, { "category": "product_version", "name": "devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "product": { "name": "devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "product_id": "devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "product_identification_helper": { "purl": "pkg:oci/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.15-6" } } }, { "category": "product_version", "name": "devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "product": { "name": "devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "product_id": "devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "product_identification_helper": { "purl": "pkg:oci/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8\u0026tag=3.15-15" } } }, { "category": "product_version", "name": "devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "product": { "name": "devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "product_id": "devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "product_identification_helper": { "purl": "pkg:oci/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/idea-rhel8\u0026tag=3.15-5" } } }, { "category": "product_version", "name": "devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "product": { "name": "devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "product_id": "devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "product_identification_helper": { "purl": "pkg:oci/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.15-2" } } }, { "category": "product_version", "name": "devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "product": { "name": "devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "product_id": "devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "product_identification_helper": { "purl": "pkg:oci/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.15-2" } } }, { "category": "product_version", "name": "devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "product": { "name": "devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "product_id": "devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "product_identification_helper": { "purl": "pkg:oci/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.15-26" } } }, { "category": "product_version", "name": "devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "product": { "name": "devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "product_id": "devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "product_identification_helper": { "purl": "pkg:oci/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.15-4" } } }, { "category": "product_version", "name": "devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "product": { "name": "devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "product_id": "devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "product_identification_helper": { "purl": "pkg:oci/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.15-10" } } }, { "category": "product_version", "name": "devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "product": { "name": "devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "product_id": "devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "product_identification_helper": { "purl": "pkg:oci/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.15-3" } } }, { "category": "product_version", "name": "devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "product": { "name": "devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "product_id": "devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "product_identification_helper": { "purl": "pkg:oci/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.15-2" } } }, { "category": "product_version", "name": "devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "product": { "name": "devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "product_id": "devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "product_identification_helper": { "purl": "pkg:oci/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.15-5" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "product": { "name": "devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "product_id": "devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "product_identification_helper": { "purl": "pkg:oci/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.15-4" } } }, { "category": "product_version", "name": "devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "product": { "name": "devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "product_id": "devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "product_identification_helper": { "purl": "pkg:oci/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.15-2" } } }, { "category": "product_version", "name": "devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "product": { "name": "devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "product_id": "devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "product_identification_helper": { "purl": "pkg:oci/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.15-6" } } }, { "category": "product_version", "name": "devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "product": { "name": "devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "product_id": "devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "product_identification_helper": { "purl": "pkg:oci/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8\u0026tag=3.15-15" } } }, { "category": "product_version", "name": "devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "product": { "name": "devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "product_id": "devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "product_identification_helper": { "purl": "pkg:oci/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.15-2" } } }, { "category": "product_version", "name": "devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "product": { "name": "devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "product_id": "devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "product_identification_helper": { "purl": "pkg:oci/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.15-2" } } }, { "category": "product_version", "name": "devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "product": { "name": "devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "product_id": "devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "product_identification_helper": { "purl": "pkg:oci/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.15-26" } } }, { "category": "product_version", "name": "devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "product": { "name": "devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "product_id": "devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "product_identification_helper": { "purl": "pkg:oci/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.15-4" } } }, { "category": "product_version", "name": "devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "product": { "name": "devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "product_id": "devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "product_identification_helper": { "purl": "pkg:oci/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.15-10" } } }, { "category": "product_version", "name": "devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "product": { "name": "devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "product_id": "devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "product_identification_helper": { "purl": "pkg:oci/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.15-3" } } }, { "category": "product_version", "name": "devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "product": { "name": "devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "product_id": "devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "product_identification_helper": { "purl": "pkg:oci/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.15-2" } } }, { "category": "product_version", "name": "devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "product": { "name": "devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "product_id": "devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "product_identification_helper": { "purl": "pkg:oci/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.15-5" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "product": { "name": "devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "product_id": "devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "product_identification_helper": { "purl": "pkg:oci/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.15-4" } } }, { "category": "product_version", "name": "devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "product": { "name": "devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "product_id": "devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "product_identification_helper": { "purl": "pkg:oci/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.15-2" } } }, { "category": "product_version", "name": "devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "product": { "name": "devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "product_id": "devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "product_identification_helper": { "purl": "pkg:oci/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.15-6" } } }, { "category": "product_version", "name": "devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "product": { "name": "devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "product_id": "devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "product_identification_helper": { "purl": "pkg:oci/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8\u0026tag=3.15-15" } } }, { "category": "product_version", "name": "devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "product": { "name": "devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "product_id": "devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "product_identification_helper": { "purl": "pkg:oci/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.15-2" } } }, { "category": "product_version", "name": "devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "product": { "name": "devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "product_id": "devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "product_identification_helper": { "purl": "pkg:oci/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.15-2" } } }, { "category": "product_version", "name": "devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "product": { "name": "devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "product_id": "devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "product_identification_helper": { "purl": "pkg:oci/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.15-26" } } }, { "category": "product_version", "name": "devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "product": { "name": "devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "product_id": "devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "product_identification_helper": { "purl": "pkg:oci/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.15-4" } } }, { "category": "product_version", "name": "devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "product": { "name": "devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "product_id": "devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "product_identification_helper": { "purl": "pkg:oci/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.15-10" } } }, { "category": "product_version", "name": "devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le", "product": { "name": "devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le", "product_id": "devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le", "product_identification_helper": { "purl": "pkg:oci/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.15-3" } } }, { "category": "product_version", "name": "devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "product": { "name": "devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "product_id": "devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "product_identification_helper": { "purl": "pkg:oci/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.15-2" } } }, { "category": "product_version", "name": "devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le", "product": { "name": "devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le", "product_id": "devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le", "product_identification_helper": { "purl": "pkg:oci/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.15-5" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le" }, "product_reference": "devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64" }, "product_reference": "devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x" }, "product_reference": "devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x" }, "product_reference": "devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64" }, "product_reference": "devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le" }, "product_reference": "devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x" }, "product_reference": "devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le" }, "product_reference": "devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64" }, "product_reference": "devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64" }, "product_reference": "devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le" }, "product_reference": "devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x" }, "product_reference": "devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64" }, "product_reference": "devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le" }, "product_reference": "devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x" }, "product_reference": "devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x" }, "product_reference": "devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le" }, "product_reference": "devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64" }, "product_reference": "devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64" }, "product_reference": "devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64" }, "product_reference": "devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le" }, "product_reference": "devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x" }, "product_reference": "devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le" }, "product_reference": "devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x" }, "product_reference": "devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64" }, "product_reference": "devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64" }, "product_reference": "devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le" }, "product_reference": "devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x" }, "product_reference": "devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x" }, "product_reference": "devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64" }, "product_reference": "devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le" }, "product_reference": "devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64" }, "product_reference": "devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x" }, "product_reference": "devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le" }, "product_reference": "devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x" }, "product_reference": "devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64" }, "product_reference": "devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" }, "product_reference": "devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-3064", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-01-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2163037" } ], "notes": [ { "category": "description", "text": "A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.", "title": "Vulnerability description" }, { "category": "summary", "text": "go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3064" }, { "category": "external", "summary": "RHBZ#2163037", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163037" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3064", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3064" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3064", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3064" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-6q6q-88xp-6f2r", "url": "https://github.com/advisories/GHSA-6q6q-88xp-6f2r" }, { "category": "external", "summary": "https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5", "url": "https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5" }, { "category": "external", "summary": "https://github.com/go-yaml/yaml/releases/tag/v2.2.4", "url": "https://github.com/go-yaml/yaml/releases/tag/v2.2.4" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2022-0956", "url": "https://pkg.go.dev/vuln/GO-2022-0956" } ], "release_date": "2022-08-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-18T17:11:22+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4631" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents" }, { "cve": "CVE-2022-21698", "cwe": { "id": "CWE-772", "name": "Missing Release of Resource after Effective Lifetime" }, "discovery_date": "2022-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2045880" } ], "notes": [ { "category": "description", "text": "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream\u0027s (the Prometheus project) impact rating.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21698" }, { "category": "external", "summary": "RHBZ#2045880", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21698", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21698" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698" }, { "category": "external", "summary": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", "url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p" } ], "release_date": "2022-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-18T17:11:22+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4631" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter" }, { "cve": "CVE-2022-28948", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-05-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2088748" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Unmarshal function in Go-Yaml. This vulnerability results in program crashes when attempting to convert (or deserialize) invalid input data, potentially impacting system stability and reliability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang-gopkg-yaml: crash when attempting to deserialize invalid input", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat has designated the CVE rating as \u0027moderate\u0027 as exploitation of Red Hat products is contingent upon the attacker being authenticated when sending the malicious XML payload.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-28948" }, { "category": "external", "summary": "RHBZ#2088748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088748" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28948", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28948" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28948", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28948" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-hp87-p4gw-j4gq", "url": "https://github.com/advisories/GHSA-hp87-p4gw-j4gq" } ], "release_date": "2022-05-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-18T17:11:22+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4631" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang-gopkg-yaml: crash when attempting to deserialize invalid input" }, { "cve": "CVE-2022-46175", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-26T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156263" } ], "notes": [ { "category": "description", "text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.", "title": "Vulnerability description" }, { "category": "summary", "text": "json5: Prototype Pollution in JSON5 via Parse Method", "title": "Vulnerability summary" }, { "category": "other", "text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46175" }, { "category": "external", "summary": "RHBZ#2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175" }, { "category": "external", "summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h" } ], "release_date": "2022-12-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-18T17:11:22+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4631" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "json5: Prototype Pollution in JSON5 via Parse Method" }, { "cve": "CVE-2023-6378", "cwe": { "id": "CWE-499", "name": "Serializable Class Containing Sensitive Data" }, "discovery_date": "2023-11-30T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2252230" } ], "notes": [ { "category": "description", "text": "A flaw was found in the logback package, where it is vulnerable to a denial of service caused by a serialization flaw in the receiver component. By sending specially crafted poisoned data, a remote attacker can cause a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "logback: serialization vulnerability in logback receiver", "title": "Vulnerability summary" }, { "category": "other", "text": "The Logback package vulnerability, posing a risk of denial-of-service through a serialization flaw in its receiver component, is considered a moderate issue due to its potential impact on system availability. While denial-of-service vulnerabilities can be disruptive, the severity is tempered by the fact that they generally do not result in unauthorized access or data compromise.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-6378" }, { "category": "external", "summary": "RHBZ#2252230", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252230" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-6378", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6378" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6378", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6378" } ], "release_date": "2023-11-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-18T17:11:22+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4631" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "logback: serialization vulnerability in logback receiver" }, { "cve": "CVE-2023-39325", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-10-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2243296" } ], "notes": [ { "category": "description", "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39325" }, { "category": "external", "summary": "RHBZ#2243296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2023-44487", "url": "https://access.redhat.com/security/cve/CVE-2023-44487" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "https://go.dev/issue/63417", "url": "https://go.dev/issue/63417" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-2102", "url": "https://pkg.go.dev/vuln/GO-2023-2102" }, { "category": "external", "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" } ], "release_date": "2023-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-18T17:11:22+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4631" }, { "category": "workaround", "details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)" }, { "cve": "CVE-2023-41080", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2023-08-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2235370" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Open Redirect vulnerability in FORM authentication", "title": "Vulnerability summary" }, { "category": "other", "text": "The pki-servlet-engine package has been obsoleted by the Tomcat package. Therefore, this issue will be fixed in the Tomcat package rather than the pki-serlvet-engine package. Please follow the RHEL Tomcat trackers instead for the updates.\n\nRed Hat Satellite is not directly impacted by this issue, since it does not embed the dependency on their offer deliveries. However, end users of Red Hat Satellite are using Tomcat via RHEL channels, which provides Tomcat dependency needed by candlepin to function in Satellite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-41080" }, { "category": "external", "summary": "RHBZ#2235370", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-41080", "url": "https://www.cve.org/CVERecord?id=CVE-2023-41080" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080" }, { "category": "external", "summary": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f", "url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f" } ], "release_date": "2023-08-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-18T17:11:22+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4631" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: Open Redirect vulnerability in FORM authentication" }, { "cve": "CVE-2023-44487", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-10-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2242803" } ], "notes": [ { "category": "description", "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)", "title": "Vulnerability summary" }, { "category": "other", "text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-44487" }, { "category": "external", "summary": "RHBZ#2242803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" }, { "category": "external", "summary": "RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/277", "url": "https://github.com/dotnet/announcements/issues/277" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-2102", "url": "https://pkg.go.dev/vuln/GO-2023-2102" }, { "category": "external", "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" }, { "category": "external", "summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2023-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-18T17:11:22+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4631" }, { "category": "workaround", "details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ] } ], "threats": [ { "category": "exploit_status", "date": "2023-10-10T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Important" } ], "title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)" }, { "acknowledgments": [ { "names": [ "Bartek Nowotarski" ], "organization": "nowotarski.info" } ], "cve": "CVE-2023-45288", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-03-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268273" } ], "notes": [ { "category": "description", "text": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-45288" }, { "category": "external", "summary": "RHBZ#2268273", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-45288", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288" }, { "category": "external", "summary": "https://nowotarski.info/http2-continuation-flood/", "url": "https://nowotarski.info/http2-continuation-flood/" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2687", "url": "https://pkg.go.dev/vuln/GO-2024-2687" }, { "category": "external", "summary": "https://www.kb.cert.org/vuls/id/421644", "url": "https://www.kb.cert.org/vuls/id/421644" } ], "release_date": "2024-04-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-18T17:11:22+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4631" }, { "category": "workaround", "details": "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS" }, { "cve": "CVE-2023-45648", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-10-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2243749" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: incorrectly parsed http trailer headers can cause request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "The request smuggling is not guaranteed to have relevant information within every request and the scenario behind a reverse proxy which fails to handle the request too is necessary, hence the Moderate impact.\n\nThe Red Hat AMQ Broker team removed any tomcat dependencies in version 7.11.3. Please refer to https://errata.devel.redhat.com/advisory/121941.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-45648" }, { "category": "external", "summary": "RHBZ#2243749", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243749" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-45648", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45648" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/10/10/10", "url": "http://www.openwall.com/lists/oss-security/2023/10/10/10" }, { "category": "external", "summary": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp", "url": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp" } ], "release_date": "2023-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-18T17:11:22+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4631" }, { "category": "workaround", "details": "No mitigation is currently available for this flaw.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: incorrectly parsed http trailer headers can cause request smuggling" } ] }
rhsa-2023_1047
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A new image is available for Red Hat Single Sign-On 7.6.2, running on Red\nHat OpenShift Container Platform from the release of 3.11 up to the release\nof 4.12.0.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On is an integrated sign-on solution, available as a\nRed Hat JBoss Middleware for OpenShift containerized image. The Red Hat\nSingle Sign-On for OpenShift image provides an authentication server that\nyou can use to log in centrally, log out, and register. You can also manage\nuser accounts for web applications, mobile applications, and RESTful web\nservices.\n\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* RH-SSO for OpenShift images: unsecured management interface exposed to adjacent network (CVE-2022-4039)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: XSS on izmpersonation under specific circumstances (CVE-2022-1438)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n\nThis erratum releases a new image for Red Hat Single Sign-On 7.6.2 for use\nwithin the Red Hat OpenShift Container Platform (from the release of 3.11\nup to the release of 4.12.0) cloud computing Platform-as-a-Service (PaaS)\nfor on-premise or private cloud deployments, aligning with the standalone\nproduct release.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:1047", "url": "https://access.redhat.com/errata/RHSA-2023:1047" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1601614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614" }, { "category": "external", "summary": "1601617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617" }, { "category": "external", "summary": "1701972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "category": "external", "summary": "1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "2031904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2073157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157" }, { "category": "external", "summary": "2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "2117506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506" }, { "category": "external", "summary": "2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "2129706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706" }, { "category": "external", "summary": "2129707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707" }, { "category": "external", "summary": "2129709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709" }, { "category": "external", "summary": "2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "2138971", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971" }, { "category": "external", "summary": "2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "2141404", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" }, { "category": "external", "summary": "2143416", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143416" }, { "category": "external", "summary": "2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "external", "summary": "2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "2155681", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681" }, { "category": "external", "summary": "2155682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682" }, { "category": "external", "summary": "2155970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970" }, { "category": "external", "summary": "2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "2158585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585" }, { "category": "external", "summary": "2160585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1047.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update", "tracking": { "current_release_date": "2024-11-08T08:04:14+00:00", "generator": { "date": "2024-11-08T08:04:14+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2023:1047", "initial_release_date": "2023-03-01T21:46:46+00:00", "revision_history": [ { "date": "2023-03-01T21:46:46+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-03-01T21:46:46+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-08T08:04:14+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Middleware Containers for OpenShift", "product": { "name": "Middleware Containers for OpenShift", "product_id": "8Base-RHOSE-Middleware", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhosemc:1.0::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", "product": { "name": "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", "product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", "product_identification_helper": { "purl": "pkg:oci/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21?arch=s390x\u0026repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8\u0026tag=7.6-20" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "product": { "name": "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "product_identification_helper": { "purl": "pkg:oci/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60?arch=ppc64le\u0026repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8\u0026tag=7.6-20" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "product": { "name": "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "product_identification_helper": { "purl": "pkg:oci/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f?arch=amd64\u0026repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8\u0026tag=7.6-20" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le as a component of Middleware Containers for OpenShift", "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le" }, "product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "relates_to_product_reference": "8Base-RHOSE-Middleware" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64 as a component of Middleware Containers for OpenShift", "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64" }, "product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "relates_to_product_reference": "8Base-RHOSE-Middleware" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x as a component of Middleware Containers for OpenShift", "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" }, "product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", "relates_to_product_reference": "8Base-RHOSE-Middleware" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-14040", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2018-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1601614" } ], "notes": [ { "category": "description", "text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", "title": "Vulnerability description" }, { "category": "summary", "text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14040" }, { "category": "external", "summary": "RHBZ#1601614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14040" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040" } ], "release_date": "2018-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute" }, { "cve": "CVE-2018-14042", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2018-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1601617" } ], "notes": [ { "category": "description", "text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", "title": "Vulnerability description" }, { "category": "summary", "text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14042" }, { "category": "external", "summary": "RHBZ#1601617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14042" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042" } ], "release_date": "2018-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip" }, { "cve": "CVE-2019-11358", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1701972" } ], "notes": [ { "category": "description", "text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-11358" }, { "category": "external", "summary": "RHBZ#1701972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358" }, { "category": "external", "summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "category": "external", "summary": "https://www.drupal.org/sa-core-2019-006", "url": "https://www.drupal.org/sa-core-2019-006" } ], "release_date": "2019-03-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection" }, { "cve": "CVE-2020-11022", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-04-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828406" } ], "notes": [ { "category": "description", "text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", "title": "Vulnerability summary" }, { "category": "other", "text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11022" }, { "category": "external", "summary": "RHBZ#1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2" } ], "release_date": "2020-04-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method" }, { "cve": "CVE-2021-35065", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156324" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "glob-parent: Regular Expression Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-35065" }, { "category": "external", "summary": "RHBZ#2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294" } ], "release_date": "2022-12-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "glob-parent: Regular Expression Denial of Service" }, { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "acknowledgments": [ { "names": [ "Marcus Nilsson" ], "organization": "usd AG" } ], "cve": "CVE-2022-1274", "cwe": { "id": "CWE-80", "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" }, "discovery_date": "2022-04-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073157" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: HTML injection in execute-actions-email Admin REST API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1274" }, { "category": "external", "summary": "RHBZ#2073157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1274", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1274" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725" } ], "release_date": "2023-02-28T18:57:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: HTML injection in execute-actions-email Admin REST API" }, { "acknowledgments": [ { "names": [ "Grzegorz Tworek" ], "organization": "SISOFT s.c." } ], "cve": "CVE-2022-1438", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2021-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031904" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: XSS on impersonation under specific circumstances", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1438" }, { "category": "external", "summary": "RHBZ#2031904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1438", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1438" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438" } ], "release_date": "2023-02-28T18:56:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: XSS on impersonation under specific circumstances" }, { "cve": "CVE-2022-1471", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-12-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2150009" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).", "title": "Vulnerability description" }, { "category": "summary", "text": "SnakeYaml: Constructor Deserialization Remote Code Execution", "title": "Vulnerability summary" }, { "category": "other", "text": "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml\u0027s SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker\u0027s control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml\u0027s Constructor class nor pass untrusted data to this class. When this class is used, it\u2019s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1471" }, { "category": "external", "summary": "RHBZ#2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1471", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471" }, { "category": "external", "summary": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "SnakeYaml: Constructor Deserialization Remote Code Execution" }, { "cve": "CVE-2022-2764", "discovery_date": "2022-08-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2117506" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2764" }, { "category": "external", "summary": "RHBZ#2117506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2764", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2764" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764" } ], "release_date": "2022-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations" }, { "cve": "CVE-2022-3782", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-10-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2138971" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: path traversal via double URL encoding", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3782" }, { "category": "external", "summary": "RHBZ#2138971", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3782", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3782" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782" } ], "release_date": "2022-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: path traversal via double URL encoding" }, { "acknowledgments": [ { "names": [ "Peter Flintholm" ], "organization": "Trifork" } ], "cve": "CVE-2022-3916", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2022-11-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2141404" } ], "notes": [ { "category": "description", "text": "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Session takeover with OIDC offline refreshtokens", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3916" }, { "category": "external", "summary": "RHBZ#2141404", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3916", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3916" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916" } ], "release_date": "2022-11-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Session takeover with OIDC offline refreshtokens" }, { "acknowledgments": [ { "names": [ "Thibault Guittet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-4039", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2022-11-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2143416" } ], "notes": [ { "category": "description", "text": "A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.", "title": "Vulnerability description" }, { "category": "summary", "text": "rhsso-container-image: unsecured management interface exposed to adjecent network", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-4039" }, { "category": "external", "summary": "RHBZ#2143416", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143416" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4039", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4039" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4039", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4039" } ], "release_date": "2023-02-28T21:26:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "rhsso-container-image: unsecured management interface exposed to adjecent network" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" }, { "cve": "CVE-2022-25857", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126789" } ], "notes": [ { "category": "description", "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections", "title": "Vulnerability summary" }, { "category": "other", "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25857" }, { "category": "external", "summary": "RHBZ#2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857" }, { "category": "external", "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525" } ], "release_date": "2022-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections" }, { "cve": "CVE-2022-31129", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-07-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2105075" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "moment: inefficient parsing algorithm resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31129" }, { "category": "external", "summary": "RHBZ#2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g" } ], "release_date": "2022-07-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "moment: inefficient parsing algorithm resulting in DoS" }, { "cve": "CVE-2022-37603", "cwe": { "id": "CWE-185", "name": "Incorrect Regular Expression" }, "discovery_date": "2022-11-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2140597" } ], "notes": [ { "category": "description", "text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.", "title": "Vulnerability description" }, { "category": "summary", "text": "loader-utils: Regular expression denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-37603" }, { "category": "external", "summary": "RHBZ#2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603" } ], "release_date": "2022-10-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "loader-utils: Regular expression denial of service" }, { "cve": "CVE-2022-38749", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129706" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38749" }, { "category": "external", "summary": "RHBZ#2129706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode" }, { "cve": "CVE-2022-38750", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129707" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38750" }, { "category": "external", "summary": "RHBZ#2129707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38750", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject" }, { "cve": "CVE-2022-38751", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129709" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38751" }, { "category": "external", "summary": "RHBZ#2129709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38751", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match" }, { "cve": "CVE-2022-40149", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135771" } ], "notes": [ { "category": "description", "text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: parser crash by stackoverflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40149" }, { "category": "external", "summary": "RHBZ#2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: parser crash by stackoverflow" }, { "cve": "CVE-2022-40150", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135770" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: memory exhaustion via user-supplied XML or JSON data", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40150" }, { "category": "external", "summary": "RHBZ#2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jettison: memory exhaustion via user-supplied XML or JSON data" }, { "cve": "CVE-2022-42003", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135244" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42003" }, { "category": "external", "summary": "RHBZ#2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS" }, { "cve": "CVE-2022-42004", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135247" } ], "notes": [ { "category": "description", "text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: use of deeply nested arrays", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42004" }, { "category": "external", "summary": "RHBZ#2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: use of deeply nested arrays" }, { "cve": "CVE-2022-45047", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-11-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2145194" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", "title": "Vulnerability description" }, { "category": "summary", "text": "mina-sshd: Java unsafe deserialization vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45047" }, { "category": "external", "summary": "RHBZ#2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45047" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047" }, { "category": "external", "summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", "url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html" } ], "release_date": "2022-11-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" }, { "category": "workaround", "details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "mina-sshd: Java unsafe deserialization vulnerability" }, { "cve": "CVE-2022-45693", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-12-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155970" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45693" }, { "category": "external", "summary": "RHBZ#2155970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos" }, { "cve": "CVE-2022-46175", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156263" } ], "notes": [ { "category": "description", "text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.", "title": "Vulnerability description" }, { "category": "summary", "text": "json5: Prototype Pollution in JSON5 via Parse Method", "title": "Vulnerability summary" }, { "category": "other", "text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46175" }, { "category": "external", "summary": "RHBZ#2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175" }, { "category": "external", "summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h" } ], "release_date": "2022-12-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "json5: Prototype Pollution in JSON5 via Parse Method" }, { "cve": "CVE-2022-46363", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2022-12-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155681" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", "title": "Vulnerability description" }, { "category": "summary", "text": "CXF: directory listing / code exfiltration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46363" }, { "category": "external", "summary": "RHBZ#2155681", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363" }, { "category": "external", "summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", "url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "CXF: directory listing / code exfiltration" }, { "cve": "CVE-2022-46364", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2022-12-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155682" } ], "notes": [ { "category": "description", "text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", "title": "Vulnerability description" }, { "category": "summary", "text": "CXF: SSRF Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46364" }, { "category": "external", "summary": "RHBZ#2155682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46364" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364" }, { "category": "external", "summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2", "url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "CXF: SSRF Vulnerability" }, { "acknowledgments": [ { "names": [ "Sourav Kumar" ], "organization": "https://github.com/souravs17031999", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2023-0091", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2022-10-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2158585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Client Registration endpoint does not check token revocation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0091" }, { "category": "external", "summary": "RHBZ#2158585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0091", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0091" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg" }, { "category": "external", "summary": "https://github.com/keycloak/security/issues/27", "url": "https://github.com/keycloak/security/issues/27" } ], "release_date": "2022-10-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: Client Registration endpoint does not check token revocation" }, { "acknowledgments": [ { "names": [ "Jordi Zayuelas i Mu\u00f1oz" ], "organization": "A1 Digital", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2023-0264", "cwe": { "id": "CWE-303", "name": "Incorrect Implementation of Authentication Algorithm" }, "discovery_date": "2023-01-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2160585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak\u0027s OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, Integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: user impersonation via stolen uuid code", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0264" }, { "category": "external", "summary": "RHBZ#2160585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0264", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0264" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264" } ], "release_date": "2023-02-28T18:58:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:46:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: user impersonation via stolen uuid code" } ] }
rhsa-2023_1045
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.2 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* keycloak: reflected XSS attack (CVE-2022-4137)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:1045", "url": "https://access.redhat.com/errata/RHSA-2023:1045" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1601614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614" }, { "category": "external", "summary": "1601617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617" }, { "category": "external", "summary": "1701972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "category": "external", "summary": "1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "2031904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2073157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157" }, { "category": "external", "summary": "2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "2117506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506" }, { "category": "external", "summary": "2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "2129706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706" }, { "category": "external", "summary": "2129707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707" }, { "category": "external", "summary": "2129709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709" }, { "category": "external", "summary": "2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "2138971", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971" }, { "category": "external", "summary": "2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "2141404", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" }, { "category": "external", "summary": "2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "external", "summary": "2148496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148496" }, { "category": "external", "summary": "2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "2155681", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681" }, { "category": "external", "summary": "2155682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682" }, { "category": "external", "summary": "2155970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970" }, { "category": "external", "summary": "2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "2158585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585" }, { "category": "external", "summary": "2160585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1045.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 9", "tracking": { "current_release_date": "2024-11-08T08:03:35+00:00", "generator": { "date": "2024-11-08T08:03:35+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2023:1045", "initial_release_date": "2023-03-01T21:45:17+00:00", "revision_history": [ { "date": "2023-03-01T21:45:17+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-03-01T21:45:17+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-08T08:03:35+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6 for RHEL 9", "product": { "name": "Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "product": { "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "product_id": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.6-1.redhat_00001.1.el9sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "product": { "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "product_id": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.6-1.redhat_00001.1.el9sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "product_id": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.6-1.redhat_00001.1.el9sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src" }, "product_reference": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-14040", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2018-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1601614" } ], "notes": [ { "category": "description", "text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", "title": "Vulnerability description" }, { "category": "summary", "text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14040" }, { "category": "external", "summary": "RHBZ#1601614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14040" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040" } ], "release_date": "2018-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute" }, { "cve": "CVE-2018-14042", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2018-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1601617" } ], "notes": [ { "category": "description", "text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", "title": "Vulnerability description" }, { "category": "summary", "text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14042" }, { "category": "external", "summary": "RHBZ#1601617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14042" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042" } ], "release_date": "2018-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip" }, { "cve": "CVE-2019-11358", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1701972" } ], "notes": [ { "category": "description", "text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-11358" }, { "category": "external", "summary": "RHBZ#1701972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358" }, { "category": "external", "summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "category": "external", "summary": "https://www.drupal.org/sa-core-2019-006", "url": "https://www.drupal.org/sa-core-2019-006" } ], "release_date": "2019-03-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection" }, { "cve": "CVE-2020-11022", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-04-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828406" } ], "notes": [ { "category": "description", "text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", "title": "Vulnerability summary" }, { "category": "other", "text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11022" }, { "category": "external", "summary": "RHBZ#1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2" } ], "release_date": "2020-04-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method" }, { "cve": "CVE-2020-11023", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-06-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1850004" } ], "notes": [ { "category": "description", "text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. \n\nIn RHEL7, pcs-0.9.169-3.el7_9.3 [RHSA-2022:7343] contains an updated version of jquery (3.6.0), which does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11023" }, { "category": "external", "summary": "RHBZ#1850004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023" }, { "category": "external", "summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/" } ], "release_date": "2020-04-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods" }, { "cve": "CVE-2021-35065", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156324" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "glob-parent: Regular Expression Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-35065" }, { "category": "external", "summary": "RHBZ#2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294" } ], "release_date": "2022-12-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "glob-parent: Regular Expression Denial of Service" }, { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "acknowledgments": [ { "names": [ "Marcus Nilsson" ], "organization": "usd AG" } ], "cve": "CVE-2022-1274", "cwe": { "id": "CWE-80", "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" }, "discovery_date": "2022-04-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073157" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: HTML injection in execute-actions-email Admin REST API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1274" }, { "category": "external", "summary": "RHBZ#2073157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1274", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1274" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725" } ], "release_date": "2023-02-28T18:57:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: HTML injection in execute-actions-email Admin REST API" }, { "acknowledgments": [ { "names": [ "Grzegorz Tworek" ], "organization": "SISOFT s.c." } ], "cve": "CVE-2022-1438", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2021-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031904" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: XSS on impersonation under specific circumstances", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1438" }, { "category": "external", "summary": "RHBZ#2031904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1438", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1438" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438" } ], "release_date": "2023-02-28T18:56:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: XSS on impersonation under specific circumstances" }, { "cve": "CVE-2022-1471", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-12-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2150009" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).", "title": "Vulnerability description" }, { "category": "summary", "text": "SnakeYaml: Constructor Deserialization Remote Code Execution", "title": "Vulnerability summary" }, { "category": "other", "text": "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml\u0027s SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker\u0027s control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml\u0027s Constructor class nor pass untrusted data to this class. When this class is used, it\u2019s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1471" }, { "category": "external", "summary": "RHBZ#2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1471", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471" }, { "category": "external", "summary": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "SnakeYaml: Constructor Deserialization Remote Code Execution" }, { "cve": "CVE-2022-2764", "discovery_date": "2022-08-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2117506" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2764" }, { "category": "external", "summary": "RHBZ#2117506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2764", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2764" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764" } ], "release_date": "2022-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations" }, { "acknowledgments": [ { "names": [ "Peter Flintholm" ], "organization": "Trifork" } ], "cve": "CVE-2022-3916", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2022-11-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2141404" } ], "notes": [ { "category": "description", "text": "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Session takeover with OIDC offline refreshtokens", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3916" }, { "category": "external", "summary": "RHBZ#2141404", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3916", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3916" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916" } ], "release_date": "2022-11-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Session takeover with OIDC offline refreshtokens" }, { "cve": "CVE-2022-4137", "cwe": { "id": "CWE-81", "name": "Improper Neutralization of Script in an Error Message Web Page" }, "discovery_date": "2022-11-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2148496" } ], "notes": [ { "category": "description", "text": "A reflected cross-site scripting (XSS) vulnerability was found in the \u0027oob\u0027 OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: reflected XSS attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-4137" }, { "category": "external", "summary": "RHBZ#2148496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148496" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4137", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4137" } ], "release_date": "2023-03-01T13:56:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: reflected XSS attack" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" }, { "cve": "CVE-2022-25857", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126789" } ], "notes": [ { "category": "description", "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections", "title": "Vulnerability summary" }, { "category": "other", "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25857" }, { "category": "external", "summary": "RHBZ#2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857" }, { "category": "external", "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525" } ], "release_date": "2022-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections" }, { "cve": "CVE-2022-31129", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-07-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2105075" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "moment: inefficient parsing algorithm resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31129" }, { "category": "external", "summary": "RHBZ#2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g" } ], "release_date": "2022-07-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "moment: inefficient parsing algorithm resulting in DoS" }, { "cve": "CVE-2022-37603", "cwe": { "id": "CWE-185", "name": "Incorrect Regular Expression" }, "discovery_date": "2022-11-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2140597" } ], "notes": [ { "category": "description", "text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.", "title": "Vulnerability description" }, { "category": "summary", "text": "loader-utils: Regular expression denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-37603" }, { "category": "external", "summary": "RHBZ#2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603" } ], "release_date": "2022-10-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "loader-utils: Regular expression denial of service" }, { "cve": "CVE-2022-38749", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129706" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38749" }, { "category": "external", "summary": "RHBZ#2129706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode" }, { "cve": "CVE-2022-38750", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129707" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38750" }, { "category": "external", "summary": "RHBZ#2129707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38750", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject" }, { "cve": "CVE-2022-38751", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129709" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38751" }, { "category": "external", "summary": "RHBZ#2129709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38751", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match" }, { "cve": "CVE-2022-40149", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135771" } ], "notes": [ { "category": "description", "text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: parser crash by stackoverflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40149" }, { "category": "external", "summary": "RHBZ#2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: parser crash by stackoverflow" }, { "cve": "CVE-2022-40150", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135770" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: memory exhaustion via user-supplied XML or JSON data", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40150" }, { "category": "external", "summary": "RHBZ#2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jettison: memory exhaustion via user-supplied XML or JSON data" }, { "cve": "CVE-2022-42003", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135244" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42003" }, { "category": "external", "summary": "RHBZ#2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS" }, { "cve": "CVE-2022-42004", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135247" } ], "notes": [ { "category": "description", "text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: use of deeply nested arrays", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42004" }, { "category": "external", "summary": "RHBZ#2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: use of deeply nested arrays" }, { "cve": "CVE-2022-45047", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-11-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2145194" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", "title": "Vulnerability description" }, { "category": "summary", "text": "mina-sshd: Java unsafe deserialization vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45047" }, { "category": "external", "summary": "RHBZ#2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45047" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047" }, { "category": "external", "summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", "url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html" } ], "release_date": "2022-11-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" }, { "category": "workaround", "details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "mina-sshd: Java unsafe deserialization vulnerability" }, { "cve": "CVE-2022-45693", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-12-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155970" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45693" }, { "category": "external", "summary": "RHBZ#2155970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos" }, { "cve": "CVE-2022-46175", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156263" } ], "notes": [ { "category": "description", "text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.", "title": "Vulnerability description" }, { "category": "summary", "text": "json5: Prototype Pollution in JSON5 via Parse Method", "title": "Vulnerability summary" }, { "category": "other", "text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46175" }, { "category": "external", "summary": "RHBZ#2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175" }, { "category": "external", "summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h" } ], "release_date": "2022-12-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "json5: Prototype Pollution in JSON5 via Parse Method" }, { "cve": "CVE-2022-46363", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2022-12-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155681" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", "title": "Vulnerability description" }, { "category": "summary", "text": "CXF: directory listing / code exfiltration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46363" }, { "category": "external", "summary": "RHBZ#2155681", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363" }, { "category": "external", "summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", "url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "CXF: directory listing / code exfiltration" }, { "cve": "CVE-2022-46364", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2022-12-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155682" } ], "notes": [ { "category": "description", "text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", "title": "Vulnerability description" }, { "category": "summary", "text": "CXF: SSRF Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46364" }, { "category": "external", "summary": "RHBZ#2155682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46364" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364" }, { "category": "external", "summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2", "url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "CXF: SSRF Vulnerability" }, { "acknowledgments": [ { "names": [ "Sourav Kumar" ], "organization": "https://github.com/souravs17031999", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2023-0091", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2022-10-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2158585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Client Registration endpoint does not check token revocation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0091" }, { "category": "external", "summary": "RHBZ#2158585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0091", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0091" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg" }, { "category": "external", "summary": "https://github.com/keycloak/security/issues/27", "url": "https://github.com/keycloak/security/issues/27" } ], "release_date": "2022-10-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: Client Registration endpoint does not check token revocation" }, { "acknowledgments": [ { "names": [ "Jordi Zayuelas i Mu\u00f1oz" ], "organization": "A1 Digital", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2023-0264", "cwe": { "id": "CWE-303", "name": "Incorrect Implementation of Authentication Algorithm" }, "discovery_date": "2023-01-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2160585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak\u0027s OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, Integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: user impersonation via stolen uuid code", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0264" }, { "category": "external", "summary": "RHBZ#2160585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0264", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0264" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264" } ], "release_date": "2023-02-28T18:58:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: user impersonation via stolen uuid code" } ] }
rhsa-2023_1428
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "The Migration Toolkit for Containers (MTC) 1.7.8 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es):\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* gin: Unsanitized input in the default logger in github.com/gin-gonic/gin (CVE-2020-36567)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* ua-parser-js: ReDoS vulnerability via the trim() function (CVE-2022-25927)\n\n* loader-utils: Regular expression denial of service (CVE-2022-37603)\n\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n\n* jszip: directory traversal via a crafted ZIP archive (CVE-2022-48285)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* The velero image cannot be overridden in the operator (BZ#2143389)\n\n* Adding a MigCluster from UI fails when the domain name has characters more than 6 (BZ#2152149)\n\n* UI fails to render the \u0027migrations\u0027 page: \"Cannot read properties of undefined (reading \u0027name\u0027)\" (BZ#2163485)\n\n* Creating DPA resource fails on OCP 4.6 clusters (BZ#2173742)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:1428", "url": "https://access.redhat.com/errata/RHSA-2023:1428" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "2143389", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143389" }, { "category": "external", "summary": "2150323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323" }, { "category": "external", "summary": "2152149", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152149" }, { "category": "external", "summary": "2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "2156683", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156683" }, { "category": "external", "summary": "2163485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163485" }, { "category": "external", "summary": "2165020", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165020" }, { "category": "external", "summary": "2165797", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165797" }, { "category": "external", "summary": "2165824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824" }, { "category": "external", "summary": "2170644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644" }, { "category": "external", "summary": "2173742", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173742" }, { "category": "external", "summary": "MIG-1298", "url": "https://issues.redhat.com/browse/MIG-1298" }, { "category": "external", "summary": "MIG-1315", "url": "https://issues.redhat.com/browse/MIG-1315" }, { "category": "external", "summary": "MIG-1318", "url": "https://issues.redhat.com/browse/MIG-1318" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1428.json" } ], "title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.8 security and bug fix update", "tracking": { "current_release_date": "2024-11-06T02:39:06+00:00", "generator": { "date": "2024-11-06T02:39:06+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2023:1428", "initial_release_date": "2023-03-23T02:16:09+00:00", "revision_history": [ { "date": "2023-03-23T02:16:09+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-03-23T02:16:09+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T02:39:06+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "8Base-RHMTC-1.7", "product": { "name": "8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhmt:1.7::el8" } } } ], "category": "product_family", "name": "Red Hat Migration Toolkit" }, { "branches": [ { "category": "product_version", "name": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "product": { "name": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.7.8-6" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "product": { "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "product_id": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8\u0026tag=v1.7.8-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "product": { "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.7.8-10" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "product": { "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.7.8-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "product": { "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.7.8-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "product": { "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "product_id": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8\u0026tag=v1.7.8-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "product": { "name": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.7.8-10" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "product": { "name": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "product_id": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.7.8-10" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "product": { "name": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.7.8-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "product": { "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.7.8-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64", "product": { "name": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64", "product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.7.8-5" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "product": { "name": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.7.8-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.7.8-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.7.8-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.7.8-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "product": { "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.7.8-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64", "product": { "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64", "product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.7.8-3" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64" }, "product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64" }, "product_reference": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64" }, "product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64" }, "product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64" }, "product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64" }, "product_reference": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64" }, "product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64" }, "product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64" }, "product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64" }, "product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" }, "product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" }, "product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36567", "cwe": { "id": "CWE-117", "name": "Improper Output Neutralization for Logs" }, "discovery_date": "2022-12-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156683" } ], "notes": [ { "category": "description", "text": "A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path.", "title": "Vulnerability description" }, { "category": "summary", "text": "gin: Unsanitized input in the default logger in github.com/gin-gonic/gin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36567" }, { "category": "external", "summary": "RHBZ#2156683", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156683" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36567", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36567" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36567", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36567" }, { "category": "external", "summary": "https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d", "url": "https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d" }, { "category": "external", "summary": "https://github.com/gin-gonic/gin/pull/2237", "url": "https://github.com/gin-gonic/gin/pull/2237" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2020-0001", "url": "https://pkg.go.dev/vuln/GO-2020-0001" } ], "release_date": "2022-12-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-23T02:16:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1428" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gin: Unsanitized input in the default logger in github.com/gin-gonic/gin" }, { "cve": "CVE-2022-24999", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2150323" } ], "notes": [ { "category": "description", "text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "express: \"qs\" prototype poisoning causes the hang of the node process", "title": "Vulnerability summary" }, { "category": "other", "text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24999" }, { "category": "external", "summary": "RHBZ#2150323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24999" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999" }, { "category": "external", "summary": "https://github.com/expressjs/express/releases/tag/4.17.3", "url": "https://github.com/expressjs/express/releases/tag/4.17.3" }, { "category": "external", "summary": "https://github.com/ljharb/qs/pull/428", "url": "https://github.com/ljharb/qs/pull/428" }, { "category": "external", "summary": "https://github.com/n8tz/CVE-2022-24999", "url": "https://github.com/n8tz/CVE-2022-24999" } ], "release_date": "2022-11-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-23T02:16:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1428" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "express: \"qs\" prototype poisoning causes the hang of the node process" }, { "cve": "CVE-2022-25881", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2023-01-31T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2165824" } ], "notes": [ { "category": "description", "text": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "title": "Vulnerability description" }, { "category": "summary", "text": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25881" }, { "category": "external", "summary": "RHBZ#2165824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25881", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881" } ], "release_date": "2023-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-23T02:16:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1428" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability" }, { "cve": "CVE-2022-25927", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2023-01-27T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2165020" } ], "notes": [ { "category": "description", "text": "A flaw was found in ua-parser-js. This issue could allow a malicious user to trigger a regular expression denial of service (ReDoS) via the trim() function.", "title": "Vulnerability description" }, { "category": "summary", "text": "ua-parser-js: ReDoS vulnerability via the trim() function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25927" }, { "category": "external", "summary": "RHBZ#2165020", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165020" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25927", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25927" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25927", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25927" } ], "release_date": "2023-01-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-23T02:16:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1428" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ua-parser-js: ReDoS vulnerability via the trim() function" }, { "cve": "CVE-2022-37603", "cwe": { "id": "CWE-185", "name": "Incorrect Regular Expression" }, "discovery_date": "2022-11-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2140597" } ], "notes": [ { "category": "description", "text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.", "title": "Vulnerability description" }, { "category": "summary", "text": "loader-utils: Regular expression denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-37603" }, { "category": "external", "summary": "RHBZ#2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603" } ], "release_date": "2022-10-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-23T02:16:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1428" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "loader-utils: Regular expression denial of service" }, { "cve": "CVE-2022-38900", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-02-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170644" } ], "notes": [ { "category": "description", "text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "decode-uri-component: improper input validation resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38900" }, { "category": "external", "summary": "RHBZ#2170644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900" }, { "category": "external", "summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5", "url": "https://github.com/SamVerschueren/decode-uri-component/issues/5" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq", "url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq" } ], "release_date": "2022-11-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-23T02:16:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1428" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "decode-uri-component: improper input validation resulting in DoS" }, { "cve": "CVE-2022-46175", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-26T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156263" } ], "notes": [ { "category": "description", "text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.", "title": "Vulnerability description" }, { "category": "summary", "text": "json5: Prototype Pollution in JSON5 via Parse Method", "title": "Vulnerability summary" }, { "category": "other", "text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46175" }, { "category": "external", "summary": "RHBZ#2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175" }, { "category": "external", "summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h" } ], "release_date": "2022-12-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-23T02:16:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1428" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "json5: Prototype Pollution in JSON5 via Parse Method" }, { "cve": "CVE-2022-48285", "cwe": { "id": "CWE-23", "name": "Relative Path Traversal" }, "discovery_date": "2023-01-31T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2165797" } ], "notes": [ { "category": "description", "text": "A flaw was found in the JSZip package. Affected versions of JSZip could allow a remote attacker to traverse directories on the system caused by the failure to sanitize filenames when files are loaded with `loadAsync`, which makes the library vulnerable to a Zip Slip attack. By extracting files from a specially crafted archive, an attacker could gain access to parts of the file system outside of the target folder, overwrite the executable files, and execute arbitrary commands on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jszip: directory traversal via a crafted ZIP archive", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-48285" }, { "category": "external", "summary": "RHBZ#2165797", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165797" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-48285", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48285" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-48285", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48285" }, { "category": "external", "summary": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244499", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244499" }, { "category": "external", "summary": "https://github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15", "url": "https://github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15" }, { "category": "external", "summary": "https://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0", "url": "https://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0" }, { "category": "external", "summary": "https://www.mend.io/vulnerability-database/WS-2023-0004", "url": "https://www.mend.io/vulnerability-database/WS-2023-0004" } ], "release_date": "2023-01-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-23T02:16:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1428" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jszip: directory traversal via a crafted ZIP archive" } ] }
rhsa-2023_0634
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Logging Subsystem 5.6.1 - Red Hat OpenShift\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Logging Subsystem 5.6.1 - Red Hat OpenShift\n\nSecurity Fix(es):\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:0634", "url": "https://access.redhat.com/errata/RHSA-2023:0634" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "LOG-3397", "url": "https://issues.redhat.com/browse/LOG-3397" }, { "category": "external", "summary": "LOG-3441", "url": "https://issues.redhat.com/browse/LOG-3441" }, { "category": "external", "summary": "LOG-3463", "url": "https://issues.redhat.com/browse/LOG-3463" }, { "category": "external", "summary": "LOG-3477", "url": "https://issues.redhat.com/browse/LOG-3477" }, { "category": "external", "summary": "LOG-3494", "url": "https://issues.redhat.com/browse/LOG-3494" }, { "category": "external", "summary": "LOG-3496", "url": "https://issues.redhat.com/browse/LOG-3496" }, { "category": "external", "summary": "LOG-3510", "url": "https://issues.redhat.com/browse/LOG-3510" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0634.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift (Logging Subsystem) security update", "tracking": { "current_release_date": "2024-11-06T02:25:47+00:00", "generator": { "date": "2024-11-06T02:25:47+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2023:0634", "initial_release_date": "2023-02-09T14:01:04+00:00", "revision_history": [ { "date": "2023-02-09T14:01:04+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-02-09T14:01:04+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T02:25:47+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHOL 5.6 for RHEL 8", "product": { "name": "RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:logging:5.6::el8" } } } ], "category": "product_family", "name": "logging for Red Hat OpenShift" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870_ppc64le", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870_ppc64le", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870_ppc64le", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.1-13" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0_ppc64le", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0_ppc64le", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.1-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-331" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-91" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4_ppc64le", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4_ppc64le", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4_ppc64le", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-275" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-285" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "product_id": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-72" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88_ppc64le", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88_ppc64le", "product_id": "openshift-logging/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88_ppc64le", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-80" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "product_id": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-322" } } }, { "category": "product_version", "name": "openshift-logging/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd_ppc64le", "product": { "name": "openshift-logging/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd_ppc64le", "product_id": "openshift-logging/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd_ppc64le", "product_identification_helper": { "purl": "pkg:oci/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.3-2" } } }, { "category": "product_version", "name": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le", "product": { "name": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le", "product_id": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le", "product_identification_helper": { "purl": "pkg:oci/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-46" } } }, { "category": "product_version", "name": "openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le", "product": { "name": "openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le", "product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le", "product_identification_helper": { "purl": "pkg:oci/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.1-8" } } }, { "category": "product_version", "name": "openshift-logging/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c_ppc64le", "product": { "name": "openshift-logging/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c_ppc64le", "product_id": "openshift-logging/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.1-14" } } }, { "category": "product_version", "name": "openshift-logging/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb_ppc64le", "product": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb_ppc64le", "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb_ppc64le", "product_identification_helper": { "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-136" } } }, { "category": "product_version", "name": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "product": { "name": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "product_id": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "product_identification_helper": { "purl": "pkg:oci/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-43" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604_arm64", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604_arm64", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604_arm64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.1-13" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea_arm64", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea_arm64", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea_arm64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.1-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-331" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-91" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5_arm64", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5_arm64", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5_arm64", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-275" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-285" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "product_id": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-72" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb_arm64", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb_arm64", "product_id": "openshift-logging/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb_arm64", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-80" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "product_id": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-322" } } }, { "category": "product_version", "name": "openshift-logging/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d_arm64", "product": { "name": "openshift-logging/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d_arm64", "product_id": "openshift-logging/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d_arm64", "product_identification_helper": { "purl": "pkg:oci/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.3-2" } } }, { "category": "product_version", "name": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "product": { "name": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "product_id": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "product_identification_helper": { "purl": "pkg:oci/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-46" } } }, { "category": "product_version", "name": "openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64", "product": { "name": "openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64", "product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64", "product_identification_helper": { "purl": "pkg:oci/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.1-8" } } }, { "category": "product_version", "name": "openshift-logging/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b_arm64", "product": { "name": "openshift-logging/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b_arm64", "product_id": "openshift-logging/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b_arm64", "product_identification_helper": { "purl": "pkg:oci/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.1-14" } } }, { "category": "product_version", "name": "openshift-logging/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8_arm64", "product": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8_arm64", "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8_arm64", "product_identification_helper": { "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-136" } } }, { "category": "product_version", "name": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "product": { "name": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "product_id": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "product_identification_helper": { "purl": "pkg:oci/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-43" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a_amd64", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a_amd64", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.1-13" } } }, { "category": "product_version", "name": "openshift-logging/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c_amd64", "product": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c_amd64", "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.6.1-40" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c_amd64", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c_amd64", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.1-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf_amd64", "product": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf_amd64", "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.6.1-33" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-331" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-91" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3_amd64", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3_amd64", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3_amd64", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-275" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-285" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "product_id": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-72" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e_amd64", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e_amd64", "product_id": "openshift-logging/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e_amd64", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-80" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "product_id": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-322" } } }, { "category": "product_version", "name": "openshift-logging/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a_amd64", "product": { "name": "openshift-logging/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a_amd64", "product_id": "openshift-logging/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a_amd64", "product_identification_helper": { "purl": "pkg:oci/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.3-2" } } }, { "category": "product_version", "name": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "product": { "name": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "product_id": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "product_identification_helper": { "purl": "pkg:oci/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-46" } } }, { "category": "product_version", "name": "openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64", "product": { "name": "openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64", "product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64", "product_identification_helper": { "purl": "pkg:oci/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.1-8" } } }, { "category": "product_version", "name": "openshift-logging/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d_amd64", "product": { "name": "openshift-logging/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d_amd64", "product_id": "openshift-logging/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d_amd64", "product_identification_helper": { "purl": "pkg:oci/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-operator-bundle\u0026tag=v5.6.1-34" } } }, { "category": "product_version", "name": "openshift-logging/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01_amd64", "product": { "name": "openshift-logging/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01_amd64", "product_id": "openshift-logging/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01_amd64", "product_identification_helper": { "purl": "pkg:oci/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.1-14" } } }, { "category": "product_version", "name": "openshift-logging/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10_amd64", "product": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10_amd64", "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10_amd64", "product_identification_helper": { "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-136" } } }, { "category": "product_version", "name": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "product": { "name": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "product_id": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "product_identification_helper": { "purl": "pkg:oci/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-43" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e_s390x", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e_s390x", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e_s390x", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.1-13" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a_s390x", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a_s390x", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.1-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-331" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-91" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46_s390x", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46_s390x", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46_s390x", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-275" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-285" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "product_id": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-72" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c_s390x", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c_s390x", "product_id": "openshift-logging/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c_s390x", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-80" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "product_id": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-322" } } }, { "category": "product_version", "name": "openshift-logging/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f_s390x", "product": { "name": "openshift-logging/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f_s390x", "product_id": "openshift-logging/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f_s390x", "product_identification_helper": { "purl": "pkg:oci/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.3-2" } } }, { "category": "product_version", "name": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "product": { "name": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "product_id": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "product_identification_helper": { "purl": "pkg:oci/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-46" } } }, { "category": "product_version", "name": "openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x", "product": { "name": "openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x", "product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x", "product_identification_helper": { "purl": "pkg:oci/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.1-8" } } }, { "category": "product_version", "name": "openshift-logging/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a_s390x", "product": { "name": "openshift-logging/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a_s390x", "product_id": "openshift-logging/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a_s390x", "product_identification_helper": { "purl": "pkg:oci/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.1-14" } } }, { "category": "product_version", "name": "openshift-logging/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8_s390x", "product": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8_s390x", "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8_s390x", "product_identification_helper": { "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-136" } } }, { "category": "product_version", "name": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "product": { "name": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "product_id": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "product_identification_helper": { "purl": "pkg:oci/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-43" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c_amd64" }, "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604_arm64" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870_ppc64le" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e_s390x" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a_amd64" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf_amd64" }, "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a_s390x" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea_arm64" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c_amd64" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e_amd64" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c_s390x" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88_ppc64le" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb_arm64" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3_amd64" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46_s390x" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4_ppc64le" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5_arm64" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f_s390x" }, "product_reference": "openshift-logging/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d_arm64" }, "product_reference": "openshift-logging/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a_amd64" }, "product_reference": "openshift-logging/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd_ppc64le" }, "product_reference": "openshift-logging/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x" }, "product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le" }, "product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64" }, "product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64" }, "product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d_amd64" }, "product_reference": "openshift-logging/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01_amd64" }, "product_reference": "openshift-logging/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b_arm64" }, "product_reference": "openshift-logging/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c_ppc64le" }, "product_reference": "openshift-logging/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a_s390x" }, "product_reference": "openshift-logging/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb_ppc64le" }, "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8_arm64" }, "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8_s390x" }, "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10_amd64" }, "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x" }, "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64" }, "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64" }, "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le" }, "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64" }, "product_reference": "openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x" }, "product_reference": "openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64 as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64" }, "product_reference": "openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "relates_to_product_reference": "8Base-RHOL-5.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le as a component of RHOL 5.6 for RHEL 8", "product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le" }, "product_reference": "openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-35065", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-12-26T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c_amd64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604_arm64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870_ppc64le", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e_s390x", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c_s390x", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88_ppc64le", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46_s390x", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f_s390x", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b_arm64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb_ppc64le", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156324" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "glob-parent: Regular Expression Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64" ], "known_not_affected": [ "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c_amd64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604_arm64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870_ppc64le", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e_s390x", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c_s390x", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88_ppc64le", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46_s390x", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f_s390x", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b_arm64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb_ppc64le", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-35065" }, { "category": "external", "summary": "RHBZ#2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294" } ], "release_date": "2022-12-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-02-09T14:01:04+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0634" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "glob-parent: Regular Expression Denial of Service" }, { "cve": "CVE-2022-46175", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-26T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c_amd64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604_arm64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870_ppc64le", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e_s390x", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c_s390x", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88_ppc64le", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46_s390x", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f_s390x", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b_arm64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb_ppc64le", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156263" } ], "notes": [ { "category": "description", "text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.", "title": "Vulnerability description" }, { "category": "summary", "text": "json5: Prototype Pollution in JSON5 via Parse Method", "title": "Vulnerability summary" }, { "category": "other", "text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64" ], "known_not_affected": [ "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:4c4de06a25a88af6dfda3848e2cdc66e2b81b0d11a8fb81043c1199ad215f43c_amd64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:03be01e2a187e591d247056d1dc1d2e0564ec5075a735f848106bdc7eb0d9604_arm64", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:465437255399bdcdce43ed7d8d7e190a29a7c2e4dfb1e2a3bf2a07aa595f5870_ppc64le", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:6186588280a47dfedda1867900c1fc7755ce39c3d5ebc2e0af6c0226e3b9f37e_s390x", "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:8f56f6cfcefce491100202c674fba06fed29d229d09fd403af684a8b0afc218a_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:aa657093086192be2ba284a9717fc954adef7586adc0eb14ea359c125fdc31bf_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:7118d1063e36241c329aba318e4e1e9b786ed190dcdcad4bd47bcbbb3ed403d1_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a9cfe6cfab32fde71adafc7610e002aaa0c46de9d650083d77b52b3a35703ead_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e3170b6c62d4bb4dc6ca77c57005ba71ddb844767d69dd13b61aa2e333577e8e_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:f24b8dd673576e03b5e759a3b906e176e1f72704050483d06e2403415e7ca9d7_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:6d1985607bf1731889bc8b9b5687ac4e2df9380c168822738107e949735d73d0_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:858101734cc768f08c2038dd4599a65d06ef542946b382a61345ea996f10767a_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:e8dc7be5875de9517b9e37c8d12e1ee2f392905605b781e17b0fde23f7aa58ea_arm64", "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:f8203c8cb9811497d830c03be6ffd4fc62ec2f72201de7b33b113a3e37fca08c_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:7883cee3de6e04b2c740b3e24c1eaed17b89248a8415e97ab85e695dc6388598_amd64", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:a31f98d2deaf78d52c68a3f861ba09db418d1eba5db9b29cc78cc7a23cfb2675_s390x", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:acf7b739c2205fed8946d09d1c5ba2c7adeb2347fb18ac373c28618ad7d63299_ppc64le", "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c1c89eb7e7d5908c46db46dbc1e6eb80ed5f51fe994df0b7f6f9c4549975d406_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:4d45dc2403cdde02b556e5ee0ef8d09403bf602de26dbd291e7d4d173154d593_arm64", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c22141221795a43d5d7f62400a9e8a29a88426cc48d53ace5cd53b9e5fad179b_s390x", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:c65ce2a082ca42db7aa154a35e1e64b0ea97abad232411e28d64d7be0b8f7b40_ppc64le", "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:efb0d4ccc141ed513e1763aa3d3c290590f099f7ff6bc66a4f0fb05a1e816357_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:1d2905e0be14c3dfffb432cac00d24dbc1756c8d78e8a1a9e0ef7ebb86fbaf2e_amd64", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:25cb1899ebba4c94accd69793a3013feaa89a088f8e09700063b67034894860c_s390x", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:b009a0de0146e516bf076da58041e223e89ef9ef95fbf38008bce8dcaf717c88_ppc64le", "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:cf84cd05812a7cbceb56f44248d1bab0de685c8de5f67a581564f4b88878fcfb_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:20d4683b3d58dc8cecb212e4228f9be17683669f0468d3d5a19f79f9288bf050_ppc64le", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:c94e490f2db36788c4ef8fdfddf1f9015820fe566b521e5675e9c21ffd6dd268_arm64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:e469e40ff731d17a9e6139d7ea07dc6a3be04bbd0663f57aaa0df95ca4bd4015_amd64", "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:f417563e42f6c48b87c563d19211bf109d6f04294ad4c9c8d565a8f03e7a98f2_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:2e0198621752c21e91880c43e0e9422a47a9c0896a203db650627b94d0bdca3f_s390x", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:724138ce2f29e8f8e15a190b7b99f78f65130b6e3136defd419ba1e45cdb2fef_arm64", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:8ea6f2d793049e2c1e36d9680d9a10c5f9b36bbdeb9b04da046f12a8458889e1_ppc64le", "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:de74ce01341c7d828f2062761a0a55d26d9404c037660b5375e24d6852a75776_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:2b76bfa7e3dabcd5e31203b1516b3752754821be5973633809df5f436038fca3_amd64", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:61737b1377c29f3ae8fc1f3c2356d9045e3f223752284352a2b6ac0607e66b46_s390x", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:93ef5a826f9bb3c76cfea86883d2952a2014b03d9b61ce85dab9077c6f9676d4_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:e7cc396a0d1dcfdf37c644e07c3d25e808c030c0312a6a746b6518dd9eab08a5_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:257acfca5ea95a2443734651043cc4bc9698fce77ffdb8dd438e6702ea6d1a0f_s390x", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:6431e8d36b8089c41741d0c9d8b2afee23b9fe5a1553df8b0433d6c149eeb74d_arm64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:8e55c1309fcf5b635df75385793d0364ffeeb75d1d7d8a966bf0174f8308f41a_amd64", "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:ac309068afc8029bb3b1a695e986390c39223a2220a693dbc6a249a1976e1cfd_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:fb652cd58431d67de15da6104a87fa1ee984b92312d0e24bfa072086fbde8e5d_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:0ee8cba8efd1665a451a6a700b1502273a07fab98f857031279387c10b688d01_amd64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:19cd6ed87582909f2e4f494acc803267b08d37ccfd7875988d31a1ae92c4909b_arm64", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:af704079c23993c2bc5ddb76e0a3bbe166a6c979a723d0d3deba18c53372402c_ppc64le", "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:b6c4cdcbc4a88b65141f68a8e0339abef9e33781361be292c3ebca520b3c063a_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:4c9bc0d6da393a273f955ec5a2331802e55c0304c30946fe9f3a196ab65269cb_ppc64le", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:6f51024b22dbc8783fc54f9b60767cce627fad84340397bf2ca52fb154d1c8f8_arm64", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:b8eda223fa4d90bc54d4f387393ff7846119bd63354f0d6e9faae8d0b0b15ca8_s390x", "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:d6a62cc4d0ebaeed68237de8da34150e30bf1b3d360ecd72ec1bd1c5c6486d10_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:232ab968f4939f7033e766368b6b8bcee1c95b23f50d882046770389fc08d239_s390x", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ae2561c4d894a080f843f4e1c094800d4001bff0f5e85a6add7d9d80b026418a_arm64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:e29725dbfb9ec4987166b65635cc3d9cd51ef70dd4276ebe4440c4d838dc37cc_amd64", "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:ff883b736157042771802f19c84eb6c420736437dc74022127edcf277d7f0729_ppc64le", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:3e71263bd9c7f0654a1e6d301b6a48be3b08afb162f52466e7343c3dc651b8d1_arm64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:55bd4ac20eeb722e3f9d3f84f5f66917cfdea1e84e39c7580e5934b9e1317fdb_s390x", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:a8686cd3895df86eaf7bfb57113e3d8c99feeea34fdf8b0e84d536e902f0c791_amd64", "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:babd18762568da07bd303280429f825b736fe423c4122d402da8d2defd5df030_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46175" }, { "category": "external", "summary": "RHBZ#2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175" }, { "category": "external", "summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h" } ], "release_date": "2022-12-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-02-09T14:01:04+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0634" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:02eeaf7cdf47c1cf2c84585d1032643980c8ebc385f1940f2e3d361a7160a515_s390x", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:08a93c3c45b229cb3f245ed79da1fe160e68e3db898c388c98a951640835a8f3_ppc64le", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:9a82625e21b7787437cec2524b56886f72abf6a2a656a89c7ce1398e0bdef017_arm64", "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:cb503e4e0dd2313d8ebcc9e204c317af30ab0ec78ae51f0e932497db17a65ca1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "json5: Prototype Pollution in JSON5 via Parse Method" } ] }
rhsa-2023_1049
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.2 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* keycloak: reflected XSS attack (CVE-2022-4137)\n* Keycloak Node.js Adapter: Open redirect vulnerability in checkSSO (CVE-2022-2237)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:1049", "url": "https://access.redhat.com/errata/RHSA-2023:1049" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1601614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614" }, { "category": "external", "summary": "1601617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617" }, { "category": "external", "summary": "1701972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "category": "external", "summary": "1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "2031904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2073157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157" }, { "category": "external", "summary": "2097007", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097007" }, { "category": "external", "summary": "2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "2117506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506" }, { "category": "external", "summary": "2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "2129706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706" }, { "category": "external", "summary": "2129707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707" }, { "category": "external", "summary": "2129709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709" }, { "category": "external", "summary": "2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "2138971", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971" }, { "category": "external", "summary": "2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "2141404", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" }, { "category": "external", "summary": "2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "external", "summary": "2148496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148496" }, { "category": "external", "summary": "2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "2155681", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681" }, { "category": "external", "summary": "2155682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682" }, { "category": "external", "summary": "2155970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970" }, { "category": "external", "summary": "2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "2158585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585" }, { "category": "external", "summary": "2160585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1049.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update", "tracking": { "current_release_date": "2024-11-08T08:04:04+00:00", "generator": { "date": "2024-11-08T08:04:04+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2023:1049", "initial_release_date": "2023-03-01T21:58:17+00:00", "revision_history": [ { "date": "2023-03-01T21:58:17+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-03-01T21:58:17+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-08T08:04:04+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7", "product": { "name": "Red Hat Single Sign-On 7", "product_id": "Red Hat Single Sign-On 7", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-14040", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2018-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1601614" } ], "notes": [ { "category": "description", "text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", "title": "Vulnerability description" }, { "category": "summary", "text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14040" }, { "category": "external", "summary": "RHBZ#1601614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14040" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040" } ], "release_date": "2018-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute" }, { "cve": "CVE-2018-14042", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2018-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1601617" } ], "notes": [ { "category": "description", "text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", "title": "Vulnerability description" }, { "category": "summary", "text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14042" }, { "category": "external", "summary": "RHBZ#1601617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14042" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042" } ], "release_date": "2018-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip" }, { "cve": "CVE-2019-11358", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1701972" } ], "notes": [ { "category": "description", "text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-11358" }, { "category": "external", "summary": "RHBZ#1701972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358" }, { "category": "external", "summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "category": "external", "summary": "https://www.drupal.org/sa-core-2019-006", "url": "https://www.drupal.org/sa-core-2019-006" } ], "release_date": "2019-03-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection" }, { "cve": "CVE-2020-11022", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-04-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828406" } ], "notes": [ { "category": "description", "text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", "title": "Vulnerability summary" }, { "category": "other", "text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11022" }, { "category": "external", "summary": "RHBZ#1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2" } ], "release_date": "2020-04-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method" }, { "cve": "CVE-2020-11023", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-06-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1850004" } ], "notes": [ { "category": "description", "text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. \n\nIn RHEL7, pcs-0.9.169-3.el7_9.3 [RHSA-2022:7343] contains an updated version of jquery (3.6.0), which does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11023" }, { "category": "external", "summary": "RHBZ#1850004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023" }, { "category": "external", "summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/" } ], "release_date": "2020-04-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods" }, { "cve": "CVE-2021-35065", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156324" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "glob-parent: Regular Expression Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-35065" }, { "category": "external", "summary": "RHBZ#2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294" } ], "release_date": "2022-12-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "glob-parent: Regular Expression Denial of Service" }, { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "acknowledgments": [ { "names": [ "Marcus Nilsson" ], "organization": "usd AG" } ], "cve": "CVE-2022-1274", "cwe": { "id": "CWE-80", "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" }, "discovery_date": "2022-04-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073157" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: HTML injection in execute-actions-email Admin REST API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1274" }, { "category": "external", "summary": "RHBZ#2073157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1274", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1274" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725" } ], "release_date": "2023-02-28T18:57:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: HTML injection in execute-actions-email Admin REST API" }, { "acknowledgments": [ { "names": [ "Grzegorz Tworek" ], "organization": "SISOFT s.c." } ], "cve": "CVE-2022-1438", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2021-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031904" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: XSS on impersonation under specific circumstances", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1438" }, { "category": "external", "summary": "RHBZ#2031904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1438", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1438" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438" } ], "release_date": "2023-02-28T18:56:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: XSS on impersonation under specific circumstances" }, { "cve": "CVE-2022-1471", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-12-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2150009" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).", "title": "Vulnerability description" }, { "category": "summary", "text": "SnakeYaml: Constructor Deserialization Remote Code Execution", "title": "Vulnerability summary" }, { "category": "other", "text": "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml\u0027s SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker\u0027s control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml\u0027s Constructor class nor pass untrusted data to this class. When this class is used, it\u2019s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1471" }, { "category": "external", "summary": "RHBZ#2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1471", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471" }, { "category": "external", "summary": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "SnakeYaml: Constructor Deserialization Remote Code Execution" }, { "acknowledgments": [ { "names": [ "Ayta\u00e7 Kal\u0131nc\u0131", "Ilker Bulgurcu", "Yasin Y\u0131lmaz" ], "organization": "NETA\u015e PENTEST TEAM" } ], "cve": "CVE-2022-2237", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2022-06-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2097007" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.", "title": "Vulnerability description" }, { "category": "summary", "text": "Adapter: Open redirect vulnerability in checkSSO", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported. Therefore, this flaw will not be addressed in CodeReady Studio. Please see https://developers.redhat.com/articles/2022/04/18/announcement-red-hat-codeready-studio-reaches-end-life for more information.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2237" }, { "category": "external", "summary": "RHBZ#2097007", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097007" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2237", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2237" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2237", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2237" } ], "release_date": "2023-03-01T13:57:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Adapter: Open redirect vulnerability in checkSSO" }, { "cve": "CVE-2022-2764", "discovery_date": "2022-08-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2117506" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2764" }, { "category": "external", "summary": "RHBZ#2117506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2764", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2764" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764" } ], "release_date": "2022-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations" }, { "cve": "CVE-2022-3782", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-10-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2138971" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: path traversal via double URL encoding", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3782" }, { "category": "external", "summary": "RHBZ#2138971", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3782", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3782" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782" } ], "release_date": "2022-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: path traversal via double URL encoding" }, { "acknowledgments": [ { "names": [ "Peter Flintholm" ], "organization": "Trifork" } ], "cve": "CVE-2022-3916", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2022-11-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2141404" } ], "notes": [ { "category": "description", "text": "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Session takeover with OIDC offline refreshtokens", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3916" }, { "category": "external", "summary": "RHBZ#2141404", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3916", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3916" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916" } ], "release_date": "2022-11-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Session takeover with OIDC offline refreshtokens" }, { "cve": "CVE-2022-4137", "cwe": { "id": "CWE-81", "name": "Improper Neutralization of Script in an Error Message Web Page" }, "discovery_date": "2022-11-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2148496" } ], "notes": [ { "category": "description", "text": "A reflected cross-site scripting (XSS) vulnerability was found in the \u0027oob\u0027 OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: reflected XSS attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-4137" }, { "category": "external", "summary": "RHBZ#2148496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148496" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4137", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4137" } ], "release_date": "2023-03-01T13:56:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: reflected XSS attack" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "Red Hat Single Sign-On 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" }, { "cve": "CVE-2022-25857", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126789" } ], "notes": [ { "category": "description", "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections", "title": "Vulnerability summary" }, { "category": "other", "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25857" }, { "category": "external", "summary": "RHBZ#2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857" }, { "category": "external", "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525" } ], "release_date": "2022-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections" }, { "cve": "CVE-2022-31129", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-07-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2105075" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "moment: inefficient parsing algorithm resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31129" }, { "category": "external", "summary": "RHBZ#2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g" } ], "release_date": "2022-07-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "moment: inefficient parsing algorithm resulting in DoS" }, { "cve": "CVE-2022-37603", "cwe": { "id": "CWE-185", "name": "Incorrect Regular Expression" }, "discovery_date": "2022-11-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2140597" } ], "notes": [ { "category": "description", "text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.", "title": "Vulnerability description" }, { "category": "summary", "text": "loader-utils: Regular expression denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-37603" }, { "category": "external", "summary": "RHBZ#2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603" } ], "release_date": "2022-10-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "loader-utils: Regular expression denial of service" }, { "cve": "CVE-2022-38749", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129706" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38749" }, { "category": "external", "summary": "RHBZ#2129706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode" }, { "cve": "CVE-2022-38750", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129707" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38750" }, { "category": "external", "summary": "RHBZ#2129707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38750", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject" }, { "cve": "CVE-2022-38751", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129709" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38751" }, { "category": "external", "summary": "RHBZ#2129709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38751", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match" }, { "cve": "CVE-2022-40149", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135771" } ], "notes": [ { "category": "description", "text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: parser crash by stackoverflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40149" }, { "category": "external", "summary": "RHBZ#2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: parser crash by stackoverflow" }, { "cve": "CVE-2022-40150", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135770" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: memory exhaustion via user-supplied XML or JSON data", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40150" }, { "category": "external", "summary": "RHBZ#2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jettison: memory exhaustion via user-supplied XML or JSON data" }, { "cve": "CVE-2022-42003", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135244" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42003" }, { "category": "external", "summary": "RHBZ#2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS" }, { "cve": "CVE-2022-42004", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135247" } ], "notes": [ { "category": "description", "text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: use of deeply nested arrays", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42004" }, { "category": "external", "summary": "RHBZ#2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: use of deeply nested arrays" }, { "cve": "CVE-2022-45047", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-11-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2145194" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", "title": "Vulnerability description" }, { "category": "summary", "text": "mina-sshd: Java unsafe deserialization vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45047" }, { "category": "external", "summary": "RHBZ#2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45047" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047" }, { "category": "external", "summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", "url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html" } ], "release_date": "2022-11-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" }, { "category": "workaround", "details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", "product_ids": [ "Red Hat Single Sign-On 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "mina-sshd: Java unsafe deserialization vulnerability" }, { "cve": "CVE-2022-45693", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-12-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155970" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45693" }, { "category": "external", "summary": "RHBZ#2155970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos" }, { "cve": "CVE-2022-46175", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156263" } ], "notes": [ { "category": "description", "text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.", "title": "Vulnerability description" }, { "category": "summary", "text": "json5: Prototype Pollution in JSON5 via Parse Method", "title": "Vulnerability summary" }, { "category": "other", "text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46175" }, { "category": "external", "summary": "RHBZ#2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175" }, { "category": "external", "summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h" } ], "release_date": "2022-12-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "json5: Prototype Pollution in JSON5 via Parse Method" }, { "cve": "CVE-2022-46363", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2022-12-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155681" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", "title": "Vulnerability description" }, { "category": "summary", "text": "CXF: directory listing / code exfiltration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46363" }, { "category": "external", "summary": "RHBZ#2155681", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363" }, { "category": "external", "summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", "url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "CXF: directory listing / code exfiltration" }, { "cve": "CVE-2022-46364", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2022-12-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155682" } ], "notes": [ { "category": "description", "text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", "title": "Vulnerability description" }, { "category": "summary", "text": "CXF: SSRF Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46364" }, { "category": "external", "summary": "RHBZ#2155682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46364" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364" }, { "category": "external", "summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2", "url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "CXF: SSRF Vulnerability" }, { "acknowledgments": [ { "names": [ "Sourav Kumar" ], "organization": "https://github.com/souravs17031999", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2023-0091", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2022-10-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2158585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Client Registration endpoint does not check token revocation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0091" }, { "category": "external", "summary": "RHBZ#2158585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0091", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0091" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg" }, { "category": "external", "summary": "https://github.com/keycloak/security/issues/27", "url": "https://github.com/keycloak/security/issues/27" } ], "release_date": "2022-10-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: Client Registration endpoint does not check token revocation" }, { "acknowledgments": [ { "names": [ "Jordi Zayuelas i Mu\u00f1oz" ], "organization": "A1 Digital", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2023-0264", "cwe": { "id": "CWE-303", "name": "Incorrect Implementation of Authentication Algorithm" }, "discovery_date": "2023-01-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2160585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak\u0027s OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, Integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: user impersonation via stolen uuid code", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0264" }, { "category": "external", "summary": "RHBZ#2160585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0264", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0264" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264" } ], "release_date": "2023-02-28T18:58:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:58:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: user impersonation via stolen uuid code" } ] }
rhsa-2023_3742
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.\n\nSecurity Fix(es):\n\n* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238)\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* vault: Hashicorp Vault AWS IAM Integration Authentication Bypass (CVE-2020-16250)\n\n* vault: GCP Auth Method Allows Authentication Bypass (CVE-2020-16251)\n\n* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)\n\n* go-yaml: Denial of Service in go-yaml (CVE-2021-4235)\n\n* vault: incorrect policy enforcement (CVE-2021-43998)\n\n* nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531)\n\n* nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532)\n\n* nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533)\n\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n\n* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n\n* jsonwebtoken: Insecure default algorithm in jwt.verify() could lead to signature validation bypass (CVE-2022-23540)\n\n* jsonwebtoken: Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC (CVE-2022-23541)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)\n\n* consul: Consul Template May Expose Vault Secrets When Processing Invalid Input (CVE-2022-38149)\n\n* vault: insufficient certificate revocation list checking (CVE-2022-41316)\n\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n\n* golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)\n\n* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)\n\n* golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)\n\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n\n* vault: Vault\u2019s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File (CVE-2023-0620)\n\n* hashicorp/vault: Vault\u2019s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata (CVE-2023-0665)\n\n* Hashicorp/vault: Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation (CVE-2023-24999)\n\n* hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations (CVE-2023-25000)\n\n* validator: Inefficient Regular Expression Complexity in Validator.js (CVE-2021-3765)\n\n* nodejs: Prototype pollution via console.table properties (CVE-2022-21824)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:3742", "url": "https://access.redhat.com/errata/RHSA-2023:3742" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index" }, { "category": "external", "summary": "1786696", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1786696" }, { "category": "external", "summary": "1855339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855339" }, { "category": "external", "summary": "1943137", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943137" }, { "category": "external", "summary": "1944687", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944687" }, { "category": "external", "summary": "1989088", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989088" }, { "category": "external", "summary": "2005040", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005040" }, { "category": "external", "summary": "2005830", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005830" }, { "category": "external", "summary": "2007557", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557" }, { "category": "external", "summary": "2028193", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028193" }, { "category": "external", "summary": "2040839", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040839" }, { "category": "external", "summary": "2040846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040846" }, { "category": "external", "summary": "2040856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040856" }, { "category": "external", "summary": "2040862", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040862" }, { "category": "external", "summary": "2042914", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042914" }, { "category": "external", "summary": "2052252", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052252" }, { "category": "external", "summary": "2101497", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101497" }, { "category": "external", "summary": "2101916", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101916" }, { "category": "external", "summary": "2102304", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102304" }, { "category": "external", "summary": "2104148", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104148" }, { "category": "external", "summary": "2107388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388" }, { "category": "external", "summary": "2113814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814" }, { "category": "external", "summary": "2115020", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115020" }, { "category": "external", "summary": "2115616", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115616" }, { "category": "external", "summary": "2119551", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119551" }, { "category": "external", "summary": "2120098", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120098" }, { "category": "external", "summary": "2120944", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120944" }, { "category": "external", "summary": "2124668", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668" }, { "category": "external", "summary": "2124669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669" }, { "category": "external", "summary": "2126299", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126299" }, { "category": "external", "summary": "2132867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867" }, { "category": "external", "summary": "2132868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868" }, { "category": "external", "summary": "2132872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872" }, { "category": "external", "summary": "2134609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609" }, { "category": "external", "summary": "2135339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135339" }, { "category": "external", "summary": "2139037", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139037" }, { "category": "external", "summary": "2141095", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141095" }, { "category": "external", "summary": "2142651", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142651" }, { "category": "external", "summary": "2142894", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142894" }, { "category": "external", "summary": "2142941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142941" }, { "category": "external", "summary": "2143944", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143944" }, { "category": "external", "summary": "2144256", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144256" }, { "category": "external", "summary": "2151903", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151903" }, { "category": "external", "summary": "2152143", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152143" }, { "category": "external", "summary": "2154250", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154250" }, { "category": "external", "summary": "2155507", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155507" }, { "category": "external", "summary": "2155743", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155743" }, { "category": "external", "summary": "2156067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156067" }, { "category": "external", "summary": "2156069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156069" }, { "category": "external", "summary": "2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "2156519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156519" }, { "category": "external", "summary": "2156727", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156727" }, { "category": "external", "summary": "2156729", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156729" }, { "category": "external", "summary": "2157876", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2157876" }, { "category": "external", "summary": "2158922", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158922" }, { "category": "external", "summary": "2159676", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159676" }, { "category": "external", "summary": "2161274", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274" }, { "category": "external", "summary": "2161879", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161879" }, { "category": "external", "summary": "2161937", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161937" }, { "category": "external", "summary": "2162257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162257" }, { "category": "external", "summary": "2164617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164617" }, { "category": "external", "summary": "2165495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165495" }, { "category": "external", "summary": "2165504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165504" }, { "category": "external", "summary": "2165929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165929" }, { "category": "external", "summary": "2165938", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165938" }, { "category": "external", "summary": "2165984", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165984" }, { "category": "external", "summary": "2166222", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166222" }, { "category": "external", "summary": "2166234", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166234" }, { "category": "external", "summary": "2166869", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166869" }, { "category": "external", "summary": "2167299", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167299" }, { "category": "external", "summary": "2167308", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167308" }, { "category": "external", "summary": "2167337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167337" }, { "category": "external", "summary": "2167340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167340" }, { "category": "external", "summary": "2167946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167946" }, { "category": "external", "summary": "2168113", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168113" }, { "category": "external", "summary": "2168635", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168635" }, { "category": "external", "summary": "2168840", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168840" }, { "category": "external", "summary": "2168849", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168849" }, { "category": "external", "summary": "2169375", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169375" }, { "category": "external", "summary": "2169378", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169378" }, { "category": "external", "summary": "2169779", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169779" }, { "category": "external", "summary": "2170644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644" }, { "category": "external", "summary": "2170673", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170673" }, { "category": "external", "summary": "2172089", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172089" }, { "category": "external", "summary": "2172365", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172365" }, { "category": "external", "summary": "2172521", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172521" }, { "category": "external", "summary": "2173161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173161" }, { "category": "external", "summary": "2173528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173528" }, { "category": "external", "summary": "2173534", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173534" }, { "category": "external", "summary": "2173926", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173926" }, { "category": "external", "summary": "2175612", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175612" }, { "category": "external", "summary": "2175685", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175685" }, { "category": "external", "summary": "2175714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175714" }, { "category": "external", "summary": "2175867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175867" }, { "category": "external", "summary": "2176080", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176080" }, { "category": "external", "summary": "2176456", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176456" }, { "category": "external", "summary": "2176739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176739" }, { "category": "external", "summary": "2176776", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176776" }, { "category": "external", "summary": "2176798", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176798" }, { "category": "external", "summary": "2176809", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176809" }, { "category": "external", "summary": "2177134", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177134" }, { "category": "external", "summary": "2177221", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177221" }, { "category": "external", "summary": "2177325", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177325" }, { "category": "external", "summary": "2177695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177695" }, { "category": "external", "summary": "2177844", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177844" }, { "category": "external", "summary": "2178033", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178033" }, { "category": "external", "summary": "2178358", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178358" }, { "category": "external", "summary": "2178488", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178488" }, { "category": "external", "summary": "2178492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492" }, { "category": "external", "summary": "2178588", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178588" }, { "category": "external", "summary": "2178619", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178619" }, { "category": "external", "summary": "2178682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178682" }, { "category": "external", "summary": "2179133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179133" }, { "category": "external", "summary": "2179337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179337" }, { "category": "external", "summary": "2179403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179403" }, { "category": "external", "summary": "2179846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179846" }, { "category": "external", "summary": "2179860", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179860" }, { "category": "external", "summary": "2179976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179976" }, { "category": "external", "summary": "2179981", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179981" }, { "category": "external", "summary": "2179997", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179997" }, { "category": "external", "summary": "2180211", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180211" }, { "category": "external", "summary": "2180397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180397" }, { "category": "external", "summary": "2180440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180440" }, { "category": "external", "summary": "2180921", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180921" }, { "category": "external", "summary": "2181112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181112" }, { "category": "external", "summary": "2181133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181133" }, { "category": "external", "summary": "2181446", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181446" }, { "category": "external", "summary": "2181535", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181535" }, { "category": "external", "summary": "2181551", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181551" }, { "category": "external", "summary": "2181832", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181832" }, { "category": "external", "summary": "2181949", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181949" }, { "category": "external", "summary": "2182041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182041" }, { "category": "external", "summary": "2182296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182296" }, { "category": "external", "summary": "2182375", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182375" }, { "category": "external", "summary": "2182644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182644" }, { "category": "external", "summary": "2182664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182664" }, { "category": "external", "summary": "2182703", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182703" }, { "category": "external", "summary": "2182972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182972" }, { "category": "external", "summary": "2182981", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182981" }, { "category": "external", "summary": "2183155", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183155" }, { "category": "external", "summary": "2183196", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183196" }, { "category": "external", "summary": "2183266", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183266" }, { "category": "external", "summary": "2183457", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183457" }, { "category": "external", "summary": "2183478", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183478" }, { "category": "external", "summary": "2183520", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183520" }, { "category": "external", "summary": "2184068", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184068" }, { "category": "external", "summary": "2184605", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184605" }, { "category": "external", "summary": "2184663", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184663" }, { "category": "external", "summary": "2184769", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184769" }, { "category": "external", "summary": "2184773", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184773" }, { "category": "external", "summary": "2184892", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184892" }, { "category": "external", "summary": "2184984", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184984" }, { "category": "external", "summary": "2185164", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185164" }, { "category": "external", "summary": "2185188", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185188" }, { "category": "external", "summary": "2185757", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185757" }, { "category": "external", "summary": "2185871", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185871" }, { "category": "external", "summary": "2186171", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186171" }, { "category": "external", "summary": "2186225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186225" }, { "category": "external", "summary": "2186475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186475" }, { "category": "external", "summary": "2186752", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186752" }, { "category": "external", "summary": "2187251", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187251" }, { "category": "external", "summary": "2187296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187296" }, { "category": "external", "summary": "2187736", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187736" }, { "category": "external", "summary": "2187952", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187952" }, { "category": "external", "summary": "2187969", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187969" }, { "category": "external", "summary": "2187986", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187986" }, { "category": "external", "summary": "2188053", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188053" }, { "category": "external", "summary": "2188238", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188238" }, { "category": "external", "summary": "2188303", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188303" }, { "category": "external", "summary": "2188427", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188427" }, { "category": "external", "summary": "2188666", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188666" }, { "category": "external", "summary": "2189483", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189483" }, { "category": "external", "summary": "2189929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189929" }, { "category": "external", "summary": "2189982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189982" }, { "category": "external", "summary": "2189984", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189984" }, { "category": "external", "summary": "2190129", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2190129" }, { "category": "external", "summary": "2190241", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2190241" }, { "category": "external", "summary": "2192088", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2192088" }, { "category": "external", "summary": "2192670", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2192670" }, { "category": "external", "summary": "2192824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2192824" }, { "category": "external", "summary": "2192875", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2192875" }, { "category": "external", "summary": "2193114", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2193114" }, { "category": "external", "summary": "2193220", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2193220" }, { "category": "external", "summary": "2196176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196176" }, { "category": "external", "summary": "2196236", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196236" }, { "category": "external", "summary": "2196298", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196298" }, { "category": "external", "summary": "2203795", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203795" }, { "category": "external", "summary": "2208029", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2208029" }, { "category": "external", "summary": "2208079", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2208079" }, { "category": "external", "summary": "2208269", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2208269" }, { "category": "external", "summary": "2208558", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2208558" }, { "category": "external", "summary": "2208962", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2208962" }, { "category": "external", "summary": "2209364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209364" }, { "category": "external", "summary": "2209643", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209643" }, { "category": "external", "summary": "2209695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209695" }, { "category": "external", "summary": "2210964", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210964" }, { "category": "external", "summary": "2211334", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211334" }, { "category": "external", "summary": "2211343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211343" }, { "category": "external", "summary": "2211704", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211704" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3742.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update", "tracking": { "current_release_date": "2024-11-06T03:15:04+00:00", "generator": { "date": "2024-11-06T03:15:04+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2023:3742", "initial_release_date": "2023-06-21T15:22:11+00:00", "revision_history": [ { "date": "2023-06-21T15:22:11+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-06-22T19:51:30+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T03:15:04+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHODF 4.13 for RHEL 9", "product": { "name": "RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_data_foundation:4.13::el9" } } } ], "category": "product_family", "name": "Red Hat OpenShift Data Foundation" }, { "branches": [ { "category": "product_version", "name": "odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "product": { "name": "odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "product_id": "odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "product_identification_helper": { "purl": "pkg:oci/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed?arch=amd64\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel9\u0026tag=v4.13.0-35" } } }, { "category": "product_version", "name": "odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "product": { "name": "odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "product_id": "odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "product_identification_helper": { "purl": "pkg:oci/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-cli-rhel9\u0026tag=v4.13.0-17" } } }, { "category": "product_version", "name": "odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "product": { "name": "odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "product_id": "odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "product_identification_helper": { "purl": "pkg:oci/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel9\u0026tag=v4.13.0-41" } } }, { "category": "product_version", "name": "odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "product": { "name": "odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "product_id": "odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "product_identification_helper": { "purl": "pkg:oci/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "product": { "name": "odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "product_id": "odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "product_identification_helper": { "purl": "pkg:oci/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-rhel9-operator\u0026tag=v4.13.0-41" } } }, { "category": "product_version", "name": "odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "product": { "name": "odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "product_id": "odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "product_identification_helper": { "purl": "pkg:oci/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-client-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "product": { "name": "odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "product_id": "odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "product_identification_helper": { "purl": "pkg:oci/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-client-rhel9-operator\u0026tag=v4.13.0-17" } } }, { "category": "product_version", "name": "odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "product": { "name": "odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "product_id": "odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "product_identification_helper": { "purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel9\u0026tag=v4.13.0-78" } } }, { "category": "product_version", "name": "odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "product": { "name": "odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "product_id": "odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "product_identification_helper": { "purl": "pkg:oci/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "product": { "name": "odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "product_id": "odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "product_identification_helper": { "purl": "pkg:oci/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-rhel9-operator\u0026tag=v4.13.0-67" } } }, { "category": "product_version", "name": "odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "product": { "name": "odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "product_id": "odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel9\u0026tag=v4.13.0-85" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "product": { "name": "odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "product_id": "odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "product": { "name": "odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "product_id": "odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel9-operator\u0026tag=v4.13.0-18" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "product": { "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "product_id": "odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9\u0026tag=v4.13.0-18" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "product": { "name": "odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "product_id": "odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel9\u0026tag=v4.13.0-81" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "product": { "name": "odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "product_id": "odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "product": { "name": "odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "product_id": "odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel9-operator\u0026tag=v4.13.0-18" } } }, { "category": "product_version", "name": "odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "product": { "name": "odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "product_id": "odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-must-gather-rhel9\u0026tag=v4.13.0-35" } } }, { "category": "product_version", "name": "odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "product": { "name": "odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "product_id": "odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "product": { "name": "odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "product_id": "odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-rhel9-operator\u0026tag=v4.13.0-24" } } }, { "category": "product_version", "name": "odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "product": { "name": "odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "product_id": "odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "product_identification_helper": { "purl": "pkg:oci/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "product": { "name": "odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "product_id": "odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "product_identification_helper": { "purl": "pkg:oci/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.13.0-217" } } }, { "category": "product_version", "name": "odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "product": { "name": "odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "product_id": "odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "product_identification_helper": { "purl": "pkg:oci/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-rhel9-operator\u0026tag=v4.13.0-33" } } }, { "category": "product_version", "name": "odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "product": { "name": "odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "product_id": "odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "product_identification_helper": { "purl": "pkg:oci/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266?arch=amd64\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel9-operator\u0026tag=v4.13.0-70" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "product": { "name": "odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "product_id": "odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "product_identification_helper": { "purl": "pkg:oci/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel9\u0026tag=v4.13.0-35" } } }, { "category": "product_version", "name": "odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "product": { "name": "odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "product_id": "odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-cli-rhel9\u0026tag=v4.13.0-17" } } }, { "category": "product_version", "name": "odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "product": { "name": "odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "product_id": "odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel9\u0026tag=v4.13.0-41" } } }, { "category": "product_version", "name": "odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "product": { "name": "odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "product_id": "odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "product_identification_helper": { "purl": "pkg:oci/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "product": { "name": "odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "product_id": "odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "product_identification_helper": { "purl": "pkg:oci/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-rhel9-operator\u0026tag=v4.13.0-41" } } }, { "category": "product_version", "name": "odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "product": { "name": "odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "product_id": "odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-client-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "product": { "name": "odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "product_id": "odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-client-rhel9-operator\u0026tag=v4.13.0-17" } } }, { "category": "product_version", "name": "odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "product": { "name": "odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "product_id": "odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel9\u0026tag=v4.13.0-78" } } }, { "category": "product_version", "name": "odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "product": { "name": "odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "product_id": "odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "product": { "name": "odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "product_id": "odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-rhel9-operator\u0026tag=v4.13.0-67" } } }, { "category": "product_version", "name": "odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "product": { "name": "odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "product_id": "odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel9\u0026tag=v4.13.0-85" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "product": { "name": "odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "product_id": "odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "product": { "name": "odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "product_id": "odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel9-operator\u0026tag=v4.13.0-18" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "product": { "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "product_id": "odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9\u0026tag=v4.13.0-18" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "product": { "name": "odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "product_id": "odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel9\u0026tag=v4.13.0-81" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "product": { "name": "odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "product_id": "odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "product": { "name": "odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "product_id": "odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel9-operator\u0026tag=v4.13.0-18" } } }, { "category": "product_version", "name": "odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "product": { "name": "odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "product_id": "odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-must-gather-rhel9\u0026tag=v4.13.0-35" } } }, { "category": "product_version", "name": "odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "product": { "name": "odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "product_id": "odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "product": { "name": "odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "product_id": "odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-rhel9-operator\u0026tag=v4.13.0-24" } } }, { "category": "product_version", "name": "odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "product": { "name": "odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "product_id": "odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "product": { "name": "odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "product_id": "odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.13.0-217" } } }, { "category": "product_version", "name": "odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "product": { "name": "odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "product_id": "odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-rhel9-operator\u0026tag=v4.13.0-33" } } }, { "category": "product_version", "name": "odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le", "product": { "name": "odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le", "product_id": "odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel9-operator\u0026tag=v4.13.0-70" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "product": { "name": "odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "product_id": "odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "product_identification_helper": { "purl": "pkg:oci/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749?arch=s390x\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel9\u0026tag=v4.13.0-35" } } }, { "category": "product_version", "name": "odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "product": { "name": "odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "product_id": "odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "product_identification_helper": { "purl": "pkg:oci/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-cli-rhel9\u0026tag=v4.13.0-17" } } }, { "category": "product_version", "name": "odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "product": { "name": "odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "product_id": "odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "product_identification_helper": { "purl": "pkg:oci/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel9\u0026tag=v4.13.0-41" } } }, { "category": "product_version", "name": "odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "product": { "name": "odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "product_id": "odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "product_identification_helper": { "purl": "pkg:oci/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "product": { "name": "odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "product_id": "odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "product_identification_helper": { "purl": "pkg:oci/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-rhel9-operator\u0026tag=v4.13.0-41" } } }, { "category": "product_version", "name": "odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "product": { "name": "odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "product_id": "odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "product_identification_helper": { "purl": "pkg:oci/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-client-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "product": { "name": "odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "product_id": "odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "product_identification_helper": { "purl": "pkg:oci/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-client-rhel9-operator\u0026tag=v4.13.0-17" } } }, { "category": "product_version", "name": "odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "product": { "name": "odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "product_id": "odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "product_identification_helper": { "purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel9\u0026tag=v4.13.0-78" } } }, { "category": "product_version", "name": "odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "product": { "name": "odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "product_id": "odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "product_identification_helper": { "purl": "pkg:oci/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "product": { "name": "odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "product_id": "odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "product_identification_helper": { "purl": "pkg:oci/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-rhel9-operator\u0026tag=v4.13.0-67" } } }, { "category": "product_version", "name": "odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "product": { "name": "odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "product_id": "odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel9\u0026tag=v4.13.0-85" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "product": { "name": "odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "product_id": "odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "product": { "name": "odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "product_id": "odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel9-operator\u0026tag=v4.13.0-18" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "product": { "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "product_id": "odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9\u0026tag=v4.13.0-18" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "product": { "name": "odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "product_id": "odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel9\u0026tag=v4.13.0-81" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "product": { "name": "odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "product_id": "odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "product": { "name": "odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "product_id": "odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel9-operator\u0026tag=v4.13.0-18" } } }, { "category": "product_version", "name": "odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "product": { "name": "odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "product_id": "odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-must-gather-rhel9\u0026tag=v4.13.0-35" } } }, { "category": "product_version", "name": "odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "product": { "name": "odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "product_id": "odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "product": { "name": "odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "product_id": "odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-rhel9-operator\u0026tag=v4.13.0-24" } } }, { "category": "product_version", "name": "odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "product": { "name": "odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "product_id": "odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "product_identification_helper": { "purl": "pkg:oci/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "product": { "name": "odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "product_id": "odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "product_identification_helper": { "purl": "pkg:oci/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.13.0-217" } } }, { "category": "product_version", "name": "odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "product": { "name": "odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "product_id": "odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "product_identification_helper": { "purl": "pkg:oci/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-rhel9-operator\u0026tag=v4.13.0-33" } } }, { "category": "product_version", "name": "odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "product": { "name": "odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "product_id": "odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "product_identification_helper": { "purl": "pkg:oci/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f?arch=s390x\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel9-operator\u0026tag=v4.13.0-70" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "product": { "name": "odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "product_id": "odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "product_identification_helper": { "purl": "pkg:oci/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549?arch=arm64\u0026repository_url=registry.redhat.io/odf4/mcg-cli-rhel9\u0026tag=v4.13.0-17" } } }, { "category": "product_version", "name": "odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "product": { "name": "odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "product_id": "odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "product_identification_helper": { "purl": "pkg:oci/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0?arch=arm64\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel9\u0026tag=v4.13.0-41" } } }, { "category": "product_version", "name": "odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "product": { "name": "odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "product_id": "odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "product_identification_helper": { "purl": "pkg:oci/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac?arch=arm64\u0026repository_url=registry.redhat.io/odf4/mcg-rhel9-operator\u0026tag=v4.13.0-41" } } }, { "category": "product_version", "name": "odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "product": { "name": "odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "product_id": "odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "product_identification_helper": { "purl": "pkg:oci/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990?arch=arm64\u0026repository_url=registry.redhat.io/odf4/ocs-client-rhel9-operator\u0026tag=v4.13.0-17" } } }, { "category": "product_version", "name": "odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "product": { "name": "odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "product_id": "odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "product_identification_helper": { "purl": "pkg:oci/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d?arch=arm64\u0026repository_url=registry.redhat.io/odf4/ocs-rhel9-operator\u0026tag=v4.13.0-67" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "product": { "name": "odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "product_id": "odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b?arch=arm64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel9-operator\u0026tag=v4.13.0-18" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "product": { "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "product_id": "odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684?arch=arm64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9\u0026tag=v4.13.0-18" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "product": { "name": "odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "product_id": "odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee?arch=arm64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel9-operator\u0026tag=v4.13.0-18" } } }, { "category": "product_version", "name": "odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "product": { "name": "odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "product_id": "odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "product_identification_helper": { "purl": "pkg:oci/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68?arch=arm64\u0026repository_url=registry.redhat.io/odf4/odf-must-gather-rhel9\u0026tag=v4.13.0-35" } } }, { "category": "product_version", "name": "odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "product": { "name": "odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "product_id": "odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "product_identification_helper": { "purl": "pkg:oci/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396?arch=arm64\u0026repository_url=registry.redhat.io/odf4/odf-rhel9-operator\u0026tag=v4.13.0-24" } } }, { "category": "product_version", "name": "odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "product": { "name": "odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "product_id": "odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "product_identification_helper": { "purl": "pkg:oci/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d?arch=arm64\u0026repository_url=registry.redhat.io/odf4/odr-rhel9-operator\u0026tag=v4.13.0-33" } } } ], "category": "architecture", "name": "arm64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64" }, "product_reference": "odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x" }, "product_reference": "odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le" }, "product_reference": "odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64" }, "product_reference": "odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64" }, "product_reference": "odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x" }, "product_reference": "odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le" }, "product_reference": "odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le" }, "product_reference": "odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x" }, "product_reference": "odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64" }, "product_reference": "odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" }, "product_reference": "odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le" }, "product_reference": "odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x" }, "product_reference": "odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64" }, "product_reference": "odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64" }, "product_reference": "odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x" }, "product_reference": "odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64" }, "product_reference": "odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" }, "product_reference": "odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x" }, "product_reference": "odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64" }, "product_reference": "odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le" }, "product_reference": "odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x" }, "product_reference": "odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64" }, "product_reference": "odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le" }, "product_reference": "odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64" }, "product_reference": "odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64" }, "product_reference": "odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le" }, "product_reference": "odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x" }, "product_reference": "odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le" }, "product_reference": "odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x" }, "product_reference": "odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64" }, "product_reference": "odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64" }, "product_reference": "odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64" }, "product_reference": "odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x" }, "product_reference": "odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le" }, "product_reference": "odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64" }, "product_reference": "odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le" }, "product_reference": "odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x" }, "product_reference": "odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le" }, "product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64" }, "product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x" }, "product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le" }, "product_reference": "odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x" }, "product_reference": "odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64" }, "product_reference": "odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64" }, "product_reference": "odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x" }, "product_reference": "odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64" }, "product_reference": "odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le" }, "product_reference": "odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64" }, "product_reference": "odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64" }, "product_reference": "odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le" }, "product_reference": "odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x" }, "product_reference": "odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le" }, "product_reference": "odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x" }, "product_reference": "odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64" }, "product_reference": "odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64" }, "product_reference": "odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64" }, "product_reference": "odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x" }, "product_reference": "odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le" }, "product_reference": "odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64" }, "product_reference": "odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64" }, "product_reference": "odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x" }, "product_reference": "odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le" }, "product_reference": "odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le" }, "product_reference": "odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x" }, "product_reference": "odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64" }, "product_reference": "odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x" }, "product_reference": "odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64" }, "product_reference": "odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64" }, "product_reference": "odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" }, "product_reference": "odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64" }, "product_reference": "odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x" }, "product_reference": "odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le" }, "product_reference": "odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64" }, "product_reference": "odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x" }, "product_reference": "odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le" }, "product_reference": "odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le" }, "product_reference": "odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64" }, "product_reference": "odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64" }, "product_reference": "odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x" }, "product_reference": "odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x" }, "product_reference": "odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64" }, "product_reference": "odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" }, "product_reference": "odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-16250", "cwe": { "id": "CWE-345", "name": "Insufficient Verification of Data Authenticity" }, "discovery_date": "2023-02-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2167337" } ], "notes": [ { "category": "description", "text": "A flaw was found in Vault and Vault Enterprise (\u201cVault\u201d). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM identities and roles may be manipulated and bypass authentication.", "title": "Vulnerability description" }, { "category": "summary", "text": "vault: Hashicorp Vault AWS IAM Integration Authentication Bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-16250" }, { "category": "external", "summary": "RHBZ#2167337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167337" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-16250", "url": "https://www.cve.org/CVERecord?id=CVE-2020-16250" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16250", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16250" }, { "category": "external", "summary": "https://discuss.hashicorp.com/t/hcsec-2020-16-vault-s-aws-auth-method-allows-authentication-bypass/18101", "url": "https://discuss.hashicorp.com/t/hcsec-2020-16-vault-s-aws-auth-method-allows-authentication-bypass/18101" } ], "release_date": "2020-08-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "vault: Hashicorp Vault AWS IAM Integration Authentication Bypass" }, { "cve": "CVE-2020-16251", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2023-02-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2167340" } ], "notes": [ { "category": "description", "text": "A flaw was found in Vault and Vault Enterprise (\u201cVault\u201d). In affected versions of Vault, with the GCP Auth Method configured and under certain circumstances, the values relied upon by Vault to validate Google Compute Engine (GCE) VMs may be manipulated and bypass authentication.", "title": "Vulnerability description" }, { "category": "summary", "text": "vault: GCP Auth Method Allows Authentication Bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-16251" }, { "category": "external", "summary": "RHBZ#2167340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-16251", "url": "https://www.cve.org/CVERecord?id=CVE-2020-16251" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16251", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16251" }, { "category": "external", "summary": "https://discuss.hashicorp.com/t/hcsec-2020-17-vault-s-gcp-auth-method-allows-authentication-bypass/18102", "url": "https://discuss.hashicorp.com/t/hcsec-2020-17-vault-s-gcp-auth-method-allows-authentication-bypass/18102" } ], "release_date": "2020-08-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "vault: GCP Auth Method Allows Authentication Bypass" }, { "cve": "CVE-2021-3765", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2022-09-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126299" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the validator package. Affected versions of this package are vulnerable to Regular expression denial of service (ReDoS) attacks, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "validator: Inefficient Regular Expression Complexity in Validator.js", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3765" }, { "category": "external", "summary": "RHBZ#2126299", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126299" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3765", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3765" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3765", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3765" }, { "category": "external", "summary": "https://huntr.dev/bounties/c37e975c-21a3-4c5f-9b57-04d63b28cfc9", "url": "https://huntr.dev/bounties/c37e975c-21a3-4c5f-9b57-04d63b28cfc9" } ], "release_date": "2021-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "validator: Inefficient Regular Expression Complexity in Validator.js" }, { "cve": "CVE-2021-3807", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2007557" } ], "notes": [ { "category": "description", "text": "A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw requires crafted invalid ANSI escape codes in order to be exploited and only allows for denial of service of applications on the client side, hence the impact has been rated as Moderate.\n\nIn Red Hat Virtualization and Red Hat Quay some components use a vulnerable version of ansi-regex. However, all frontend code is executed on the client side. As the maximum impact of this vulnerability is denial of service in the client, the vulnerability is rated Moderate for those products.\n\nOpenShift Container Platform 4 (OCP) ships affected version of ansi-regex in the ose-metering-hadoop container, however the metering operator is deprecated since 4.6[1]. This issue is not currently planned to be addressed in future updates and hence hadoop container has been marked as \u0027will not fix\u0027.\n\nAdvanced Cluster Management for Kubernetes (RHACM) ships the affected version of ansi-regex in several containers, however the impact of this vulnerability is deemed low as it would result in an authenticated slowing down their own user interface. \n\n[1] https://docs.openshift.com/container-platform/4.6/metering/metering-about-metering.html", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3807" }, { "category": "external", "summary": "RHBZ#2007557", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3807", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3807" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807" }, { "category": "external", "summary": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994", "url": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994" } ], "release_date": "2021-09-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes" }, { "cve": "CVE-2021-4235", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-12-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156727" } ], "notes": [ { "category": "description", "text": "A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.", "title": "Vulnerability description" }, { "category": "summary", "text": "go-yaml: Denial of Service in go-yaml", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-4235" }, { "category": "external", "summary": "RHBZ#2156727", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156727" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-4235", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4235" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4235", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4235" }, { "category": "external", "summary": "https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241", "url": "https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241" }, { "category": "external", "summary": "https://github.com/go-yaml/yaml/pull/375", "url": "https://github.com/go-yaml/yaml/pull/375" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2021-0061", "url": "https://pkg.go.dev/vuln/GO-2021-0061" } ], "release_date": "2022-12-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "go-yaml: Denial of Service in go-yaml" }, { "cve": "CVE-2021-4238", "cwe": { "id": "CWE-331", "name": "Insufficient Entropy" }, "discovery_date": "2022-12-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156729" } ], "notes": [ { "category": "description", "text": "A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amount of entropy generated in short strings by these functions.", "title": "Vulnerability description" }, { "category": "summary", "text": "goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-4238" }, { "category": "external", "summary": "RHBZ#2156729", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156729" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-4238", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4238" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4238", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4238" }, { "category": "external", "summary": "https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1", "url": "https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-3839-6r69-m497", "url": "https://github.com/advisories/GHSA-3839-6r69-m497" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2022-0411", "url": "https://pkg.go.dev/vuln/GO-2022-0411" } ], "release_date": "2022-12-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be" }, { "cve": "CVE-2021-43998", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "discovery_date": "2021-11-30T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2028193" } ], "notes": [ { "category": "description", "text": "A flaw was found in HashiCorp Vault. In affected versions of HashiCorp Vault and Vault Enterprise, templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement.", "title": "Vulnerability description" }, { "category": "summary", "text": "vault: incorrect policy enforcement", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43998" }, { "category": "external", "summary": "RHBZ#2028193", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028193" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43998", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43998" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43998", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43998" }, { "category": "external", "summary": "https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132", "url": "https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132" } ], "release_date": "2021-11-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "vault: incorrect policy enforcement" }, { "cve": "CVE-2021-44531", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2022-01-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040839" } ], "notes": [ { "category": "description", "text": "A flaw was found in node.js where it accepted a certificate\u0027s Subject Alternative Names (SAN) entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Improper handling of URI Subject Alternative Names", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\" with impact LOW.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44531" }, { "category": "external", "summary": "RHBZ#2040839", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040839" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44531", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44531" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Improper handling of URI Subject Alternative Names" }, { "cve": "CVE-2021-44532", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2022-01-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040846" } ], "notes": [ { "category": "description", "text": "It was found that node.js did not safely read the x509 certificate generalName format properly, resulting in data injection. A certificate could use a specially crafted extension in order to be successfully validated, permitting an attacker to impersonate a trusted host.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Certificate Verification Bypass via String Injection", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\" with impact LOW.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44532" }, { "category": "external", "summary": "RHBZ#2040846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040846" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44532", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44532" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Certificate Verification Bypass via String Injection" }, { "cve": "CVE-2021-44533", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2022-01-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040856" } ], "notes": [ { "category": "description", "text": "A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Incorrect handling of certificate subject and issuer fields", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally, there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore, the Quay component is marked as \"Will not fix\" with impact LOW.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44533" }, { "category": "external", "summary": "RHBZ#2040856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040856" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44533", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44533" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44533", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44533" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Incorrect handling of certificate subject and issuer fields" }, { "acknowledgments": [ { "names": [ "Adam Korczynski" ], "organization": "ADA Logics" }, { "names": [ "OSS-Fuzz" ] } ], "cve": "CVE-2022-2879", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-10-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2132867" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: archive/tar: unbounded memory consumption when reading headers", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2879" }, { "category": "external", "summary": "RHBZ#2132867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2879", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2879" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879" }, { "category": "external", "summary": "https://github.com/golang/go/issues/54853", "url": "https://github.com/golang/go/issues/54853" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1" } ], "release_date": "2022-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: archive/tar: unbounded memory consumption when reading headers" }, { "acknowledgments": [ { "names": [ "Daniel Abeles" ], "organization": "Head of Research, Oxeye" }, { "names": [ "Gal Goldstein" ], "organization": "Security Researcher, Oxeye" } ], "cve": "CVE-2022-2880", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-10-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2132868" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2880" }, { "category": "external", "summary": "RHBZ#2132868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2880" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880" }, { "category": "external", "summary": "https://github.com/golang/go/issues/54663", "url": "https://github.com/golang/go/issues/54663" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1" } ], "release_date": "2022-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters" }, { "cve": "CVE-2022-3517", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2022-06-01T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2134609" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-minimatch: ReDoS via the braceExpand function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3517" }, { "category": "external", "summary": "RHBZ#2134609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3517", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517" } ], "release_date": "2022-02-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-minimatch: ReDoS via the braceExpand function" }, { "cve": "CVE-2022-21824", "cwe": { "id": "CWE-915", "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes" }, "discovery_date": "2022-01-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040862" } ], "notes": [ { "category": "description", "text": "Due to the formatting logic of the \"console.table()\" function it was not safe to allow user controlled input to be passed to the \"properties\" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be \"__proto__\". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js \u003e= 12.22.9, \u003e= 14.18.3, \u003e= 16.13.2, and \u003e= 17.3.1 use a null protoype for the object these properties are being assigned to.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Prototype pollution via console.table properties", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\".", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21824" }, { "category": "external", "summary": "RHBZ#2040862", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040862" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21824", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21824" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21824", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21824" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs: Prototype pollution via console.table properties" }, { "cve": "CVE-2022-23540", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "discovery_date": "2023-02-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2169378" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jsonwebtoken library. In affected versions of the jsonwebtoken library, lack of algorithm definition and a falsy secret or key in the jwt.verify() function may lead to signature validation bypass due to defaulting to the none algorithm for signature verification.", "title": "Vulnerability description" }, { "category": "summary", "text": "jsonwebtoken: Insecure default algorithm in jwt.verify() could lead to signature validation bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23540" }, { "category": "external", "summary": "RHBZ#2169378", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169378" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23540", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23540" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23540", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23540" }, { "category": "external", "summary": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6", "url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6" } ], "release_date": "2022-12-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jsonwebtoken: Insecure default algorithm in jwt.verify() could lead to signature validation bypass" }, { "cve": "CVE-2022-23541", "cwe": { "id": "CWE-1259", "name": "Improper Restriction of Security Token Assignment" }, "discovery_date": "2023-02-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2169375" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jsonwebtoken library. Affected versions of jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function will result in incorrect verification of tokens. Using a different algorithm and key combination in verification than what was used to sign the tokens, specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to the successful validation of forged tokens.", "title": "Vulnerability description" }, { "category": "summary", "text": "jsonwebtoken: Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23541" }, { "category": "external", "summary": "RHBZ#2169375", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169375" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23541", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23541" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23541", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23541" }, { "category": "external", "summary": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959", "url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959" } ], "release_date": "2022-12-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jsonwebtoken: Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC" }, { "cve": "CVE-2022-27664", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2124669" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: handle server errors after sending GOAWAY", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-27664" }, { "category": "external", "summary": "RHBZ#2124669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27664" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664" }, { "category": "external", "summary": "https://go.dev/issue/54658", "url": "https://go.dev/issue/54658" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ" } ], "release_date": "2022-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: handle server errors after sending GOAWAY" }, { "cve": "CVE-2022-30635", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107388" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: encoding/gob: stack exhaustion in Decoder.Decode", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30635" }, { "category": "external", "summary": "RHBZ#2107388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30635" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635" }, { "category": "external", "summary": "https://go.dev/issue/53615", "url": "https://go.dev/issue/53615" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: encoding/gob: stack exhaustion in Decoder.Decode" }, { "cve": "CVE-2022-32189", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2113814" } ], "notes": [ { "category": "description", "text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-32189" }, { "category": "external", "summary": "RHBZ#2113814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32189" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189" }, { "category": "external", "summary": "https://go.dev/issue/53871", "url": "https://go.dev/issue/53871" }, { "category": "external", "summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU", "url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU" } ], "release_date": "2022-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service" }, { "cve": "CVE-2022-32190", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-09-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2124668" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package. The JoinPath doesn\u0027t remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/url: JoinPath does not strip relative path components in all circumstances", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerable functions, JoinPath and URL.JoinPath was introduced in upstream go1.19, whereas, RHEL ships go1.17 and go1.18 versions, which does not contain the vulnerable code. Hence, packages shipped with RHEL-8, RHEL-9 are not affected.\n\nAll Y stream releases of OpenShift Container Platform 4 run on RHEL-8 or RHEL-9, so OCP 4 is also not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-32190" }, { "category": "external", "summary": "RHBZ#2124668", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32190", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32190" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190" }, { "category": "external", "summary": "https://go.dev/issue/54385", "url": "https://go.dev/issue/54385" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ" } ], "release_date": "2022-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/url: JoinPath does not strip relative path components in all circumstances" }, { "cve": "CVE-2022-38149", "cwe": { "id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" }, "discovery_date": "2022-08-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2119551" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the HashiCorp Consul Template. This issue may reveal the contents of a Vault secret when used with an invalid template.", "title": "Vulnerability description" }, { "category": "summary", "text": "consul: Consul Template May Expose Vault Secrets When Processing Invalid Input", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38149" }, { "category": "external", "summary": "RHBZ#2119551", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119551" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38149", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38149" }, { "category": "external", "summary": "https://discuss.hashicorp.com/t/hsec-2022-16-consul-template-may-expose-vault-secrets-when-processing-invalid-input/43215", "url": "https://discuss.hashicorp.com/t/hsec-2022-16-consul-template-may-expose-vault-secrets-when-processing-invalid-input/43215" } ], "release_date": "2022-08-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "consul: Consul Template May Expose Vault Secrets When Processing Invalid Input" }, { "cve": "CVE-2022-38900", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-02-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170644" } ], "notes": [ { "category": "description", "text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "decode-uri-component: improper input validation resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38900" }, { "category": "external", "summary": "RHBZ#2170644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900" }, { "category": "external", "summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5", "url": "https://github.com/SamVerschueren/decode-uri-component/issues/5" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq", "url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq" } ], "release_date": "2022-11-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "decode-uri-component: improper input validation resulting in DoS" }, { "cve": "CVE-2022-41316", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2022-10-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135339" } ], "notes": [ { "category": "description", "text": "A flaw was found in HashiCorp Vault and Vault Enterprise. Vault\u2019s TLS certificate auth method did not initially load the optionally-configured CRL issued by the role\u2019s Certificate Authority (CA) into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved.", "title": "Vulnerability description" }, { "category": "summary", "text": "vault: insufficient certificate revocation list checking", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41316" }, { "category": "external", "summary": "RHBZ#2135339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135339" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41316", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41316" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41316", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41316" }, { "category": "external", "summary": "https://discuss.hashicorp.com/t/hcsec-2022-24-vaults-tls-cert-auth-method-only-loaded-crl-after-first-request/45483", "url": "https://discuss.hashicorp.com/t/hcsec-2022-24-vaults-tls-cert-auth-method-only-loaded-crl-after-first-request/45483" } ], "release_date": "2022-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "vault: insufficient certificate revocation list checking" }, { "acknowledgments": [ { "names": [ "Adam Korczynski" ], "organization": "ADA Logics" }, { "names": [ "OSS-Fuzz" ] } ], "cve": "CVE-2022-41715", "discovery_date": "2022-10-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2132872" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: regexp/syntax: limit memory used by parsing regexps", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41715" }, { "category": "external", "summary": "RHBZ#2132872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41715" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715" }, { "category": "external", "summary": "https://github.com/golang/go/issues/55949", "url": "https://github.com/golang/go/issues/55949" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1" } ], "release_date": "2022-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: regexp/syntax: limit memory used by parsing regexps" }, { "cve": "CVE-2022-41717", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-01-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2161274" } ], "notes": [ { "category": "description", "text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests", "title": "Vulnerability summary" }, { "category": "other", "text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41717" }, { "category": "external", "summary": "RHBZ#2161274", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41717" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717" }, { "category": "external", "summary": "https://go.dev/cl/455635", "url": "https://go.dev/cl/455635" }, { "category": "external", "summary": "https://go.dev/cl/455717", "url": "https://go.dev/cl/455717" }, { "category": "external", "summary": "https://go.dev/issue/56350", "url": "https://go.dev/issue/56350" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", "url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2022-1144", "url": "https://pkg.go.dev/vuln/GO-2022-1144" } ], "release_date": "2022-11-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests" }, { "acknowledgments": [ { "names": [ "Philippe Antoine" ], "organization": "Catena Cyber" } ], "cve": "CVE-2022-41723", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-03-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2178358" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding", "title": "Vulnerability summary" }, { "category": "other", "text": "Within OpenShift Container Platform, the maximum impact of this vulnerability is a denial of service against an individual container so the impact could not cascade across the entire infrastructure, this vulnerability is rated Moderate impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41723" }, { "category": "external", "summary": "RHBZ#2178358", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178358" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41723", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41723" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41723" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", "url": "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h" }, { "category": "external", "summary": "https://go.dev/cl/468135", "url": "https://go.dev/cl/468135" }, { "category": "external", "summary": "https://go.dev/cl/468295", "url": "https://go.dev/cl/468295" }, { "category": "external", "summary": "https://go.dev/issue/57855", "url": "https://go.dev/issue/57855" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-1571", "url": "https://pkg.go.dev/vuln/GO-2023-1571" }, { "category": "external", "summary": "https://vuln.go.dev/ID/GO-2023-1571.json", "url": "https://vuln.go.dev/ID/GO-2023-1571.json" } ], "release_date": "2023-02-17T14:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding" }, { "cve": "CVE-2022-41724", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2178492" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/tls: large handshake records may cause panics", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a denial of service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41724" }, { "category": "external", "summary": "RHBZ#2178492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41724", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41724" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724" }, { "category": "external", "summary": "https://go.dev/cl/468125", "url": "https://go.dev/cl/468125" }, { "category": "external", "summary": "https://go.dev/issue/58001", "url": "https://go.dev/issue/58001" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-1570", "url": "https://pkg.go.dev/vuln/GO-2023-1570" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/tls: large handshake records may cause panics" }, { "cve": "CVE-2022-41725", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2178488" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http, mime/multipart: denial of service from excessive resource consumption", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41725" }, { "category": "external", "summary": "RHBZ#2178488", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178488" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41725", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41725" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41725", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41725" }, { "category": "external", "summary": "https://go.dev/cl/468124", "url": "https://go.dev/cl/468124" }, { "category": "external", "summary": "https://go.dev/issue/58006", "url": "https://go.dev/issue/58006" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-1569", "url": "https://pkg.go.dev/vuln/GO-2023-1569" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http, mime/multipart: denial of service from excessive resource consumption" }, { "cve": "CVE-2022-46175", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-26T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156263" } ], "notes": [ { "category": "description", "text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.", "title": "Vulnerability description" }, { "category": "summary", "text": "json5: Prototype Pollution in JSON5 via Parse Method", "title": "Vulnerability summary" }, { "category": "other", "text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46175" }, { "category": "external", "summary": "RHBZ#2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175" }, { "category": "external", "summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h" } ], "release_date": "2022-12-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "json5: Prototype Pollution in JSON5 via Parse Method" }, { "cve": "CVE-2023-0620", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2023-04-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2184663" } ], "notes": [ { "category": "description", "text": "A flaw was found in HashiCorp Vault and Vault Enterprise, which are vulnerable to SQL injection. This flaw allows a local authenticated attacker to send specially-crafted SQL statements to the Microsoft SQL (MSSQL) Database Storage Backend, which could allow the attacker to view, add, modify, or delete information in the backend database.", "title": "Vulnerability description" }, { "category": "summary", "text": "vault: Vault\u2019s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0620" }, { "category": "external", "summary": "RHBZ#2184663", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184663" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0620", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0620" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0620", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0620" }, { "category": "external", "summary": "https://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080", "url": "https://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080" } ], "release_date": "2023-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "vault: Vault\u2019s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File" }, { "cve": "CVE-2023-0665", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2023-03-30T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2182981" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Hashicorp vault. Vault\u2019s PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in a denial of service of the PKI mount. This bug did not affect public or private key material, trust chains, or certificate issuance.", "title": "Vulnerability description" }, { "category": "summary", "text": "hashicorp/vault: Vault\u2019s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0665" }, { "category": "external", "summary": "RHBZ#2182981", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182981" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0665", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0665" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0665", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0665" }, { "category": "external", "summary": "https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1", "url": "https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1" } ], "release_date": "2023-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hashicorp/vault: Vault\u2019s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata" }, { "cve": "CVE-2023-24999", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177844" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Hashicorp vault. When using the Vault and Vault Enterprise approle auth method, any authenticated user with access to the /auth/approle/role/:role_name/secret-id-accessor/destroy endpoint can destroy the secret ID of another role by providing the secret ID accessor.", "title": "Vulnerability description" }, { "category": "summary", "text": "Hashicorp/vault: Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24999" }, { "category": "external", "summary": "RHBZ#2177844", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177844" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24999", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24999" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24999", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24999" }, { "category": "external", "summary": "https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305", "url": "https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Hashicorp/vault: Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation" }, { "cve": "CVE-2023-25000", "cwe": { "id": "CWE-208", "name": "Observable Timing Discrepancy" }, "discovery_date": "2023-03-30T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2182972" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Hashicorp vault. This flaw allows an attacker with access to and the ability to observe a large number of unseal operations on the host through a side channel to reduce the search space of a brute-force effort to recover the Shamir shares.", "title": "Vulnerability description" }, { "category": "summary", "text": "hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25000" }, { "category": "external", "summary": "RHBZ#2182972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182972" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25000", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25000" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25000", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25000" }, { "category": "external", "summary": "https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078", "url": "https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078" } ], "release_date": "2023-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations" } ] }
rhsa-2023_1043
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.2 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* keycloak: reflected XSS attack (CVE-2022-4137)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:1043", "url": "https://access.redhat.com/errata/RHSA-2023:1043" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1601614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614" }, { "category": "external", "summary": "1601617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617" }, { "category": "external", "summary": "1701972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "category": "external", "summary": "1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "2031904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2073157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157" }, { "category": "external", "summary": "2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "2117506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506" }, { "category": "external", "summary": "2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "2129706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706" }, { "category": "external", "summary": "2129707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707" }, { "category": "external", "summary": "2129709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709" }, { "category": "external", "summary": "2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "2138971", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971" }, { "category": "external", "summary": "2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "2141404", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" }, { "category": "external", "summary": "2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "external", "summary": "2148496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148496" }, { "category": "external", "summary": "2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "2155681", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681" }, { "category": "external", "summary": "2155682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682" }, { "category": "external", "summary": "2155970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970" }, { "category": "external", "summary": "2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "2158585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585" }, { "category": "external", "summary": "2160585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1043.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 7", "tracking": { "current_release_date": "2024-11-08T08:03:54+00:00", "generator": { "date": "2024-11-08T08:03:54+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2023:1043", "initial_release_date": "2023-03-01T22:02:40+00:00", "revision_history": [ { "date": "2023-03-01T22:02:40+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-03-01T22:02:40+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-08T08:03:54+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product": { "name": "Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "product": { "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "product_id": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.6-1.redhat_00001.1.el7sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.6-1.redhat_00001.1.el7sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.6-1.redhat_00001.1.el7sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src" }, "product_reference": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "relates_to_product_reference": "7Server-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-14040", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2018-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1601614" } ], "notes": [ { "category": "description", "text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", "title": "Vulnerability description" }, { "category": "summary", "text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14040" }, { "category": "external", "summary": "RHBZ#1601614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14040" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040" } ], "release_date": "2018-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute" }, { "cve": "CVE-2018-14042", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2018-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1601617" } ], "notes": [ { "category": "description", "text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", "title": "Vulnerability description" }, { "category": "summary", "text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14042" }, { "category": "external", "summary": "RHBZ#1601617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14042" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042" } ], "release_date": "2018-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip" }, { "cve": "CVE-2019-11358", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1701972" } ], "notes": [ { "category": "description", "text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-11358" }, { "category": "external", "summary": "RHBZ#1701972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358" }, { "category": "external", "summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "category": "external", "summary": "https://www.drupal.org/sa-core-2019-006", "url": "https://www.drupal.org/sa-core-2019-006" } ], "release_date": "2019-03-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection" }, { "cve": "CVE-2020-11022", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-04-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828406" } ], "notes": [ { "category": "description", "text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", "title": "Vulnerability summary" }, { "category": "other", "text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11022" }, { "category": "external", "summary": "RHBZ#1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2" } ], "release_date": "2020-04-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method" }, { "cve": "CVE-2020-11023", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-06-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1850004" } ], "notes": [ { "category": "description", "text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. \n\nIn RHEL7, pcs-0.9.169-3.el7_9.3 [RHSA-2022:7343] contains an updated version of jquery (3.6.0), which does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11023" }, { "category": "external", "summary": "RHBZ#1850004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023" }, { "category": "external", "summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/" } ], "release_date": "2020-04-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods" }, { "cve": "CVE-2021-35065", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156324" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "glob-parent: Regular Expression Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-35065" }, { "category": "external", "summary": "RHBZ#2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294" } ], "release_date": "2022-12-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "glob-parent: Regular Expression Denial of Service" }, { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "acknowledgments": [ { "names": [ "Marcus Nilsson" ], "organization": "usd AG" } ], "cve": "CVE-2022-1274", "cwe": { "id": "CWE-80", "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" }, "discovery_date": "2022-04-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073157" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: HTML injection in execute-actions-email Admin REST API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1274" }, { "category": "external", "summary": "RHBZ#2073157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1274", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1274" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725" } ], "release_date": "2023-02-28T18:57:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: HTML injection in execute-actions-email Admin REST API" }, { "acknowledgments": [ { "names": [ "Grzegorz Tworek" ], "organization": "SISOFT s.c." } ], "cve": "CVE-2022-1438", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2021-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031904" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: XSS on impersonation under specific circumstances", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1438" }, { "category": "external", "summary": "RHBZ#2031904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1438", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1438" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438" } ], "release_date": "2023-02-28T18:56:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: XSS on impersonation under specific circumstances" }, { "cve": "CVE-2022-1471", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-12-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2150009" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).", "title": "Vulnerability description" }, { "category": "summary", "text": "SnakeYaml: Constructor Deserialization Remote Code Execution", "title": "Vulnerability summary" }, { "category": "other", "text": "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml\u0027s SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker\u0027s control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml\u0027s Constructor class nor pass untrusted data to this class. When this class is used, it\u2019s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1471" }, { "category": "external", "summary": "RHBZ#2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1471", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471" }, { "category": "external", "summary": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "SnakeYaml: Constructor Deserialization Remote Code Execution" }, { "cve": "CVE-2022-2764", "discovery_date": "2022-08-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2117506" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2764" }, { "category": "external", "summary": "RHBZ#2117506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2764", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2764" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764" } ], "release_date": "2022-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations" }, { "acknowledgments": [ { "names": [ "Peter Flintholm" ], "organization": "Trifork" } ], "cve": "CVE-2022-3916", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2022-11-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2141404" } ], "notes": [ { "category": "description", "text": "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Session takeover with OIDC offline refreshtokens", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3916" }, { "category": "external", "summary": "RHBZ#2141404", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3916", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3916" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916" } ], "release_date": "2022-11-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Session takeover with OIDC offline refreshtokens" }, { "cve": "CVE-2022-4137", "cwe": { "id": "CWE-81", "name": "Improper Neutralization of Script in an Error Message Web Page" }, "discovery_date": "2022-11-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2148496" } ], "notes": [ { "category": "description", "text": "A reflected cross-site scripting (XSS) vulnerability was found in the \u0027oob\u0027 OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: reflected XSS attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-4137" }, { "category": "external", "summary": "RHBZ#2148496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148496" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4137", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4137" } ], "release_date": "2023-03-01T13:56:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: reflected XSS attack" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" }, { "cve": "CVE-2022-25857", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126789" } ], "notes": [ { "category": "description", "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections", "title": "Vulnerability summary" }, { "category": "other", "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25857" }, { "category": "external", "summary": "RHBZ#2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857" }, { "category": "external", "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525" } ], "release_date": "2022-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections" }, { "cve": "CVE-2022-31129", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-07-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2105075" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "moment: inefficient parsing algorithm resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31129" }, { "category": "external", "summary": "RHBZ#2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g" } ], "release_date": "2022-07-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "moment: inefficient parsing algorithm resulting in DoS" }, { "cve": "CVE-2022-37603", "cwe": { "id": "CWE-185", "name": "Incorrect Regular Expression" }, "discovery_date": "2022-11-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2140597" } ], "notes": [ { "category": "description", "text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.", "title": "Vulnerability description" }, { "category": "summary", "text": "loader-utils: Regular expression denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-37603" }, { "category": "external", "summary": "RHBZ#2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603" } ], "release_date": "2022-10-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "loader-utils: Regular expression denial of service" }, { "cve": "CVE-2022-38749", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129706" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38749" }, { "category": "external", "summary": "RHBZ#2129706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode" }, { "cve": "CVE-2022-38750", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129707" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38750" }, { "category": "external", "summary": "RHBZ#2129707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38750", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject" }, { "cve": "CVE-2022-38751", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129709" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38751" }, { "category": "external", "summary": "RHBZ#2129709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38751", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match" }, { "cve": "CVE-2022-40149", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135771" } ], "notes": [ { "category": "description", "text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: parser crash by stackoverflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40149" }, { "category": "external", "summary": "RHBZ#2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: parser crash by stackoverflow" }, { "cve": "CVE-2022-40150", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135770" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: memory exhaustion via user-supplied XML or JSON data", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40150" }, { "category": "external", "summary": "RHBZ#2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jettison: memory exhaustion via user-supplied XML or JSON data" }, { "cve": "CVE-2022-42003", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135244" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42003" }, { "category": "external", "summary": "RHBZ#2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS" }, { "cve": "CVE-2022-42004", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135247" } ], "notes": [ { "category": "description", "text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: use of deeply nested arrays", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42004" }, { "category": "external", "summary": "RHBZ#2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: use of deeply nested arrays" }, { "cve": "CVE-2022-45047", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-11-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2145194" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", "title": "Vulnerability description" }, { "category": "summary", "text": "mina-sshd: Java unsafe deserialization vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45047" }, { "category": "external", "summary": "RHBZ#2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45047" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047" }, { "category": "external", "summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", "url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html" } ], "release_date": "2022-11-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" }, { "category": "workaround", "details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "mina-sshd: Java unsafe deserialization vulnerability" }, { "cve": "CVE-2022-45693", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-12-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155970" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45693" }, { "category": "external", "summary": "RHBZ#2155970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos" }, { "cve": "CVE-2022-46175", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156263" } ], "notes": [ { "category": "description", "text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.", "title": "Vulnerability description" }, { "category": "summary", "text": "json5: Prototype Pollution in JSON5 via Parse Method", "title": "Vulnerability summary" }, { "category": "other", "text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46175" }, { "category": "external", "summary": "RHBZ#2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175" }, { "category": "external", "summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h" } ], "release_date": "2022-12-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "json5: Prototype Pollution in JSON5 via Parse Method" }, { "cve": "CVE-2022-46363", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2022-12-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155681" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", "title": "Vulnerability description" }, { "category": "summary", "text": "CXF: directory listing / code exfiltration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46363" }, { "category": "external", "summary": "RHBZ#2155681", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363" }, { "category": "external", "summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", "url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "CXF: directory listing / code exfiltration" }, { "cve": "CVE-2022-46364", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2022-12-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155682" } ], "notes": [ { "category": "description", "text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", "title": "Vulnerability description" }, { "category": "summary", "text": "CXF: SSRF Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46364" }, { "category": "external", "summary": "RHBZ#2155682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46364" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364" }, { "category": "external", "summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2", "url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "CXF: SSRF Vulnerability" }, { "acknowledgments": [ { "names": [ "Sourav Kumar" ], "organization": "https://github.com/souravs17031999", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2023-0091", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2022-10-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2158585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Client Registration endpoint does not check token revocation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0091" }, { "category": "external", "summary": "RHBZ#2158585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0091", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0091" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg" }, { "category": "external", "summary": "https://github.com/keycloak/security/issues/27", "url": "https://github.com/keycloak/security/issues/27" } ], "release_date": "2022-10-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: Client Registration endpoint does not check token revocation" }, { "acknowledgments": [ { "names": [ "Jordi Zayuelas i Mu\u00f1oz" ], "organization": "A1 Digital", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2023-0264", "cwe": { "id": "CWE-303", "name": "Incorrect Implementation of Authentication Algorithm" }, "discovery_date": "2023-01-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2160585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak\u0027s OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, Integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: user impersonation via stolen uuid code", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0264" }, { "category": "external", "summary": "RHBZ#2160585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0264", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0264" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264" } ], "release_date": "2023-02-28T18:58:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T22:02:40+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: user impersonation via stolen uuid code" } ] }
rhsa-2023_0934
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Migration Toolkit for Applications 6.0.1 release\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Migration Toolkit for Applications 6.0.1 Images\n\nSecurity Fix(es) from Bugzilla:\n\n* loader-utils: prototype pollution in function parseQuery in parseQuery.js (CVE-2022-37601)\n\n* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\n* gin: Unsanitized input in the default logger in github.com/gin-gonic/gin (CVE-2020-36567)\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* loader-utils:Regular expression denial of service (CVE-2022-37603)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:0934", "url": "https://access.redhat.com/errata/RHSA-2023:0934" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2134876", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134876" }, { "category": "external", "summary": "2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "2142707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707" }, { "category": "external", "summary": "2150323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323" }, { "category": "external", "summary": "2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "2156683", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156683" }, { "category": "external", "summary": "2161274", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274" }, { "category": "external", "summary": "MTA-103", "url": "https://issues.redhat.com/browse/MTA-103" }, { "category": "external", "summary": "MTA-106", "url": "https://issues.redhat.com/browse/MTA-106" }, { "category": "external", "summary": "MTA-122", "url": "https://issues.redhat.com/browse/MTA-122" }, { "category": "external", "summary": "MTA-123", "url": "https://issues.redhat.com/browse/MTA-123" }, { "category": "external", "summary": "MTA-127", "url": "https://issues.redhat.com/browse/MTA-127" }, { "category": "external", "summary": "MTA-131", "url": "https://issues.redhat.com/browse/MTA-131" }, { "category": "external", "summary": "MTA-36", "url": "https://issues.redhat.com/browse/MTA-36" }, { "category": "external", "summary": "MTA-44", "url": "https://issues.redhat.com/browse/MTA-44" }, { "category": "external", "summary": "MTA-49", "url": "https://issues.redhat.com/browse/MTA-49" }, { "category": "external", "summary": "MTA-59", "url": "https://issues.redhat.com/browse/MTA-59" }, { "category": "external", "summary": "MTA-65", "url": "https://issues.redhat.com/browse/MTA-65" }, { "category": "external", "summary": "MTA-72", "url": "https://issues.redhat.com/browse/MTA-72" }, { "category": "external", "summary": "MTA-73", "url": "https://issues.redhat.com/browse/MTA-73" }, { "category": "external", "summary": "MTA-74", "url": "https://issues.redhat.com/browse/MTA-74" }, { "category": "external", "summary": "MTA-76", "url": "https://issues.redhat.com/browse/MTA-76" }, { "category": "external", "summary": "MTA-77", "url": "https://issues.redhat.com/browse/MTA-77" }, { "category": "external", "summary": "MTA-80", "url": "https://issues.redhat.com/browse/MTA-80" }, { "category": "external", "summary": "MTA-82", "url": "https://issues.redhat.com/browse/MTA-82" }, { "category": "external", "summary": "MTA-85", "url": "https://issues.redhat.com/browse/MTA-85" }, { "category": "external", "summary": "MTA-88", "url": "https://issues.redhat.com/browse/MTA-88" }, { "category": "external", "summary": "MTA-92", "url": "https://issues.redhat.com/browse/MTA-92" }, { "category": "external", "summary": "MTA-96", "url": "https://issues.redhat.com/browse/MTA-96" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0934.json" } ], "title": "Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update", "tracking": { "current_release_date": "2024-11-06T02:30:40+00:00", "generator": { "date": "2024-11-06T02:30:40+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2023:0934", "initial_release_date": "2023-02-28T00:50:28+00:00", "revision_history": [ { "date": "2023-02-28T00:50:28+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-02-28T23:46:39+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T02:30:40+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "MTA 6.0 for RHEL 8", "product": { "name": "MTA 6.0 for RHEL 8", "product_id": "8Base-MTA-6.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:migration_toolkit_applications:6.0::el8" } } } ], "category": "product_family", "name": "Migration Toolkit for Applications" }, { "branches": [ { "category": "product_version", "name": "mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64", "product": { "name": "mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64", "product_id": "mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64", "product_identification_helper": { "purl": "pkg:oci/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-admin-addon-rhel8\u0026tag=6.0.1-8" } } }, { "category": "product_version", "name": "mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64", "product": { "name": "mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64", "product_id": "mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64", "product_identification_helper": { "purl": "pkg:oci/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-hub-rhel8\u0026tag=6.0.1-8" } } }, { "category": "product_version", "name": "mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64", "product": { "name": "mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64", "product_id": "mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64", "product_identification_helper": { "purl": "pkg:oci/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-rhel8-operator\u0026tag=6.0.1-8" } } }, { "category": "product_version", "name": "mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64", "product": { "name": "mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64", "product_id": "mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64", "product_identification_helper": { "purl": "pkg:oci/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-pathfinder-rhel8\u0026tag=6.0.1-6" } } }, { "category": "product_version", "name": "mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64", "product": { "name": "mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64", "product_id": "mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64", "product_identification_helper": { "purl": "pkg:oci/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-ui-rhel8\u0026tag=6.0.1-10" } } }, { "category": "product_version", "name": "mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64", "product": { "name": "mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64", "product_id": "mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64", "product_identification_helper": { "purl": "pkg:oci/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-windup-addon-rhel8\u0026tag=6.0.1-9" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64 as a component of MTA 6.0 for RHEL 8", "product_id": "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64" }, "product_reference": "mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64", "relates_to_product_reference": "8Base-MTA-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64 as a component of MTA 6.0 for RHEL 8", "product_id": "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64" }, "product_reference": "mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64", "relates_to_product_reference": "8Base-MTA-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64 as a component of MTA 6.0 for RHEL 8", "product_id": "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64" }, "product_reference": "mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64", "relates_to_product_reference": "8Base-MTA-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64 as a component of MTA 6.0 for RHEL 8", "product_id": "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64" }, "product_reference": "mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64", "relates_to_product_reference": "8Base-MTA-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64 as a component of MTA 6.0 for RHEL 8", "product_id": "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64" }, "product_reference": "mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64", "relates_to_product_reference": "8Base-MTA-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64 as a component of MTA 6.0 for RHEL 8", "product_id": "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64" }, "product_reference": "mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64", "relates_to_product_reference": "8Base-MTA-6.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36567", "cwe": { "id": "CWE-117", "name": "Improper Output Neutralization for Logs" }, "discovery_date": "2022-12-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64", "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64", "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156683" } ], "notes": [ { "category": "description", "text": "A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path.", "title": "Vulnerability description" }, { "category": "summary", "text": "gin: Unsanitized input in the default logger in github.com/gin-gonic/gin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64", "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64", "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64" ], "known_not_affected": [ "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64", "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64", "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36567" }, { "category": "external", "summary": "RHBZ#2156683", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156683" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36567", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36567" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36567", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36567" }, { "category": "external", "summary": "https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d", "url": "https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d" }, { "category": "external", "summary": "https://github.com/gin-gonic/gin/pull/2237", "url": "https://github.com/gin-gonic/gin/pull/2237" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2020-0001", "url": "https://pkg.go.dev/vuln/GO-2020-0001" } ], "release_date": "2022-12-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-02-28T00:50:28+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64", "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64", "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0934" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64", "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64", "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gin: Unsanitized input in the default logger in github.com/gin-gonic/gin" }, { "cve": "CVE-2021-35065", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-12-26T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64", "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64", "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64", "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64", "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156324" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "glob-parent: Regular Expression Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64" ], "known_not_affected": [ "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64", "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64", "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64", "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64", "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-35065" }, { "category": "external", "summary": "RHBZ#2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294" } ], "release_date": "2022-12-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-02-28T00:50:28+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0934" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "glob-parent: Regular Expression Denial of Service" }, { "cve": "CVE-2022-24999", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64", "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64", "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64", "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64", "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2150323" } ], "notes": [ { "category": "description", "text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "express: \"qs\" prototype poisoning causes the hang of the node process", "title": "Vulnerability summary" }, { "category": "other", "text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64" ], "known_not_affected": [ "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64", "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64", "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64", "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64", "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24999" }, { "category": "external", "summary": "RHBZ#2150323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24999" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999" }, { "category": "external", "summary": "https://github.com/expressjs/express/releases/tag/4.17.3", "url": "https://github.com/expressjs/express/releases/tag/4.17.3" }, { "category": "external", "summary": "https://github.com/ljharb/qs/pull/428", "url": "https://github.com/ljharb/qs/pull/428" }, { "category": "external", "summary": "https://github.com/n8tz/CVE-2022-24999", "url": "https://github.com/n8tz/CVE-2022-24999" } ], "release_date": "2022-11-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-02-28T00:50:28+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0934" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "express: \"qs\" prototype poisoning causes the hang of the node process" }, { "cve": "CVE-2022-37601", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-10-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64", "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64", "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64", "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64", "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2134876" } ], "notes": [ { "category": "description", "text": "A prototype pollution vulnerability was found in the parseQuery function in parseQuery.js in the webpack loader-utils via the name variable in parseQuery.js. This flaw can lead to a denial of service or remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "loader-utils: prototype pollution in function parseQuery in parseQuery.js", "title": "Vulnerability summary" }, { "category": "other", "text": "Packages shipped in Red Hat Enterprise Linux use \u0027loader-utils\u0027 as a transitive dependency. Thus, reducing the impact to Moderate.\n\nIn Red Hat containerized products like OCP and ODF, the vulnerable loader-utils NodeJS module is bundled as a transitive dependency, hence the direct impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64" ], "known_not_affected": [ "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64", "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64", "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64", "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64", "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-37601" }, { "category": "external", "summary": "RHBZ#2134876", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134876" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37601", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37601" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37601", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37601" }, { "category": "external", "summary": "https://github.com/webpack/loader-utils/issues/212", "url": "https://github.com/webpack/loader-utils/issues/212" } ], "release_date": "2022-10-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-02-28T00:50:28+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0934" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "loader-utils: prototype pollution in function parseQuery in parseQuery.js" }, { "cve": "CVE-2022-37603", "cwe": { "id": "CWE-185", "name": "Incorrect Regular Expression" }, "discovery_date": "2022-11-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64", "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64", "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64", "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64", "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2140597" } ], "notes": [ { "category": "description", "text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.", "title": "Vulnerability description" }, { "category": "summary", "text": "loader-utils: Regular expression denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64" ], "known_not_affected": [ "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64", "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64", "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64", "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64", "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-37603" }, { "category": "external", "summary": "RHBZ#2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603" } ], "release_date": "2022-10-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-02-28T00:50:28+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0934" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "loader-utils: Regular expression denial of service" }, { "cve": "CVE-2022-41717", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-01-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64", "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64", "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2161274" } ], "notes": [ { "category": "description", "text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests", "title": "Vulnerability summary" }, { "category": "other", "text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64", "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64", "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64" ], "known_not_affected": [ "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64", "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64", "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41717" }, { "category": "external", "summary": "RHBZ#2161274", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41717" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717" }, { "category": "external", "summary": "https://go.dev/cl/455635", "url": "https://go.dev/cl/455635" }, { "category": "external", "summary": "https://go.dev/cl/455717", "url": "https://go.dev/cl/455717" }, { "category": "external", "summary": "https://go.dev/issue/56350", "url": "https://go.dev/issue/56350" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", "url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2022-1144", "url": "https://pkg.go.dev/vuln/GO-2022-1144" } ], "release_date": "2022-11-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-02-28T00:50:28+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64", "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64", "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0934" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64", "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64", "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests" }, { "cve": "CVE-2022-42920", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-11-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64", "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64", "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64", "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64", "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2142707" } ], "notes": [ { "category": "description", "text": "An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.", "title": "Vulnerability description" }, { "category": "summary", "text": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing", "title": "Vulnerability summary" }, { "category": "other", "text": "Fuse 7 ships the code in question but does not utilize it in the product, so it is affected at a reduced impact of Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64" ], "known_not_affected": [ "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64", "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64", "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64", "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64", "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42920" }, { "category": "external", "summary": "RHBZ#2142707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42920", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42920" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920" }, { "category": "external", "summary": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4", "url": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4" } ], "release_date": "2022-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-02-28T00:50:28+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0934" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing" }, { "cve": "CVE-2022-46175", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-26T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64", "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64", "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64", "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64", "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156263" } ], "notes": [ { "category": "description", "text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.", "title": "Vulnerability description" }, { "category": "summary", "text": "json5: Prototype Pollution in JSON5 via Parse Method", "title": "Vulnerability summary" }, { "category": "other", "text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64" ], "known_not_affected": [ "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64", "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64", "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64", "8Base-MTA-6.0:mta/mta-rhel8-operator@sha256:7f145fc5723fd09324500de359146c2967a8b8f960dac4b862352faf2cb592c4_amd64", "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46175" }, { "category": "external", "summary": "RHBZ#2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175" }, { "category": "external", "summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h" } ], "release_date": "2022-12-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-02-28T00:50:28+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0934" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "json5: Prototype Pollution in JSON5 via Parse Method" } ] }
rhsa-2023_1044
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.2 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* keycloak: reflected XSS attack (CVE-2022-4137)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:1044", "url": "https://access.redhat.com/errata/RHSA-2023:1044" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1601614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614" }, { "category": "external", "summary": "1601617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617" }, { "category": "external", "summary": "1701972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "category": "external", "summary": "1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "2031904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2073157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157" }, { "category": "external", "summary": "2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "2117506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506" }, { "category": "external", "summary": "2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "2129706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706" }, { "category": "external", "summary": "2129707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707" }, { "category": "external", "summary": "2129709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709" }, { "category": "external", "summary": "2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "2138971", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971" }, { "category": "external", "summary": "2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "2141404", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" }, { "category": "external", "summary": "2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "external", "summary": "2148496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148496" }, { "category": "external", "summary": "2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "2155681", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681" }, { "category": "external", "summary": "2155682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682" }, { "category": "external", "summary": "2155970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970" }, { "category": "external", "summary": "2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "2158585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585" }, { "category": "external", "summary": "2160585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1044.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 8", "tracking": { "current_release_date": "2024-11-08T08:03:45+00:00", "generator": { "date": "2024-11-08T08:03:45+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2023:1044", "initial_release_date": "2023-03-01T21:45:12+00:00", "revision_history": [ { "date": "2023-03-01T21:45:12+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-03-01T21:45:12+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-08T08:03:45+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6 for RHEL 8", "product": { "name": "Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "product": { "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "product_id": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.6-1.redhat_00001.1.el8sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.6-1.redhat_00001.1.el8sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.6-1.redhat_00001.1.el8sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src" }, "product_reference": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "relates_to_product_reference": "8Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-14040", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2018-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1601614" } ], "notes": [ { "category": "description", "text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", "title": "Vulnerability description" }, { "category": "summary", "text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14040" }, { "category": "external", "summary": "RHBZ#1601614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14040" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040" } ], "release_date": "2018-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute" }, { "cve": "CVE-2018-14042", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2018-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1601617" } ], "notes": [ { "category": "description", "text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", "title": "Vulnerability description" }, { "category": "summary", "text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14042" }, { "category": "external", "summary": "RHBZ#1601617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14042" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042" } ], "release_date": "2018-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip" }, { "cve": "CVE-2019-11358", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1701972" } ], "notes": [ { "category": "description", "text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-11358" }, { "category": "external", "summary": "RHBZ#1701972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358" }, { "category": "external", "summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "category": "external", "summary": "https://www.drupal.org/sa-core-2019-006", "url": "https://www.drupal.org/sa-core-2019-006" } ], "release_date": "2019-03-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection" }, { "cve": "CVE-2020-11022", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-04-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828406" } ], "notes": [ { "category": "description", "text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", "title": "Vulnerability summary" }, { "category": "other", "text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11022" }, { "category": "external", "summary": "RHBZ#1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2" } ], "release_date": "2020-04-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method" }, { "cve": "CVE-2020-11023", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-06-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1850004" } ], "notes": [ { "category": "description", "text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. \n\nIn RHEL7, pcs-0.9.169-3.el7_9.3 [RHSA-2022:7343] contains an updated version of jquery (3.6.0), which does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11023" }, { "category": "external", "summary": "RHBZ#1850004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023" }, { "category": "external", "summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/" } ], "release_date": "2020-04-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods" }, { "cve": "CVE-2021-35065", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156324" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "glob-parent: Regular Expression Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-35065" }, { "category": "external", "summary": "RHBZ#2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294" } ], "release_date": "2022-12-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "glob-parent: Regular Expression Denial of Service" }, { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "acknowledgments": [ { "names": [ "Marcus Nilsson" ], "organization": "usd AG" } ], "cve": "CVE-2022-1274", "cwe": { "id": "CWE-80", "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" }, "discovery_date": "2022-04-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073157" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: HTML injection in execute-actions-email Admin REST API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1274" }, { "category": "external", "summary": "RHBZ#2073157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1274", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1274" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725" } ], "release_date": "2023-02-28T18:57:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: HTML injection in execute-actions-email Admin REST API" }, { "acknowledgments": [ { "names": [ "Grzegorz Tworek" ], "organization": "SISOFT s.c." } ], "cve": "CVE-2022-1438", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2021-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031904" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: XSS on impersonation under specific circumstances", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1438" }, { "category": "external", "summary": "RHBZ#2031904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1438", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1438" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438" } ], "release_date": "2023-02-28T18:56:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: XSS on impersonation under specific circumstances" }, { "cve": "CVE-2022-1471", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-12-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2150009" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).", "title": "Vulnerability description" }, { "category": "summary", "text": "SnakeYaml: Constructor Deserialization Remote Code Execution", "title": "Vulnerability summary" }, { "category": "other", "text": "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml\u0027s SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker\u0027s control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml\u0027s Constructor class nor pass untrusted data to this class. When this class is used, it\u2019s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1471" }, { "category": "external", "summary": "RHBZ#2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1471", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471" }, { "category": "external", "summary": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "SnakeYaml: Constructor Deserialization Remote Code Execution" }, { "cve": "CVE-2022-2764", "discovery_date": "2022-08-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2117506" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2764" }, { "category": "external", "summary": "RHBZ#2117506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2764", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2764" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764" } ], "release_date": "2022-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations" }, { "acknowledgments": [ { "names": [ "Peter Flintholm" ], "organization": "Trifork" } ], "cve": "CVE-2022-3916", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2022-11-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2141404" } ], "notes": [ { "category": "description", "text": "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Session takeover with OIDC offline refreshtokens", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3916" }, { "category": "external", "summary": "RHBZ#2141404", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3916", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3916" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916" } ], "release_date": "2022-11-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Session takeover with OIDC offline refreshtokens" }, { "cve": "CVE-2022-4137", "cwe": { "id": "CWE-81", "name": "Improper Neutralization of Script in an Error Message Web Page" }, "discovery_date": "2022-11-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2148496" } ], "notes": [ { "category": "description", "text": "A reflected cross-site scripting (XSS) vulnerability was found in the \u0027oob\u0027 OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: reflected XSS attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-4137" }, { "category": "external", "summary": "RHBZ#2148496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148496" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4137", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4137" } ], "release_date": "2023-03-01T13:56:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: reflected XSS attack" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" }, { "cve": "CVE-2022-25857", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126789" } ], "notes": [ { "category": "description", "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections", "title": "Vulnerability summary" }, { "category": "other", "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25857" }, { "category": "external", "summary": "RHBZ#2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857" }, { "category": "external", "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525" } ], "release_date": "2022-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections" }, { "cve": "CVE-2022-31129", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-07-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2105075" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "moment: inefficient parsing algorithm resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31129" }, { "category": "external", "summary": "RHBZ#2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g" } ], "release_date": "2022-07-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "moment: inefficient parsing algorithm resulting in DoS" }, { "cve": "CVE-2022-37603", "cwe": { "id": "CWE-185", "name": "Incorrect Regular Expression" }, "discovery_date": "2022-11-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2140597" } ], "notes": [ { "category": "description", "text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.", "title": "Vulnerability description" }, { "category": "summary", "text": "loader-utils: Regular expression denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-37603" }, { "category": "external", "summary": "RHBZ#2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603" } ], "release_date": "2022-10-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "loader-utils: Regular expression denial of service" }, { "cve": "CVE-2022-38749", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129706" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38749" }, { "category": "external", "summary": "RHBZ#2129706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode" }, { "cve": "CVE-2022-38750", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129707" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38750" }, { "category": "external", "summary": "RHBZ#2129707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38750", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject" }, { "cve": "CVE-2022-38751", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129709" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38751" }, { "category": "external", "summary": "RHBZ#2129709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38751", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match" }, { "cve": "CVE-2022-40149", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135771" } ], "notes": [ { "category": "description", "text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: parser crash by stackoverflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40149" }, { "category": "external", "summary": "RHBZ#2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: parser crash by stackoverflow" }, { "cve": "CVE-2022-40150", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135770" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: memory exhaustion via user-supplied XML or JSON data", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40150" }, { "category": "external", "summary": "RHBZ#2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jettison: memory exhaustion via user-supplied XML or JSON data" }, { "cve": "CVE-2022-42003", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135244" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42003" }, { "category": "external", "summary": "RHBZ#2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS" }, { "cve": "CVE-2022-42004", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135247" } ], "notes": [ { "category": "description", "text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: use of deeply nested arrays", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42004" }, { "category": "external", "summary": "RHBZ#2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: use of deeply nested arrays" }, { "cve": "CVE-2022-45047", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-11-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2145194" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", "title": "Vulnerability description" }, { "category": "summary", "text": "mina-sshd: Java unsafe deserialization vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45047" }, { "category": "external", "summary": "RHBZ#2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45047" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047" }, { "category": "external", "summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", "url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html" } ], "release_date": "2022-11-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" }, { "category": "workaround", "details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "mina-sshd: Java unsafe deserialization vulnerability" }, { "cve": "CVE-2022-45693", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-12-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155970" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45693" }, { "category": "external", "summary": "RHBZ#2155970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos" }, { "cve": "CVE-2022-46175", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156263" } ], "notes": [ { "category": "description", "text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.", "title": "Vulnerability description" }, { "category": "summary", "text": "json5: Prototype Pollution in JSON5 via Parse Method", "title": "Vulnerability summary" }, { "category": "other", "text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46175" }, { "category": "external", "summary": "RHBZ#2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175" }, { "category": "external", "summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h" } ], "release_date": "2022-12-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "json5: Prototype Pollution in JSON5 via Parse Method" }, { "cve": "CVE-2022-46363", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2022-12-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155681" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", "title": "Vulnerability description" }, { "category": "summary", "text": "CXF: directory listing / code exfiltration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46363" }, { "category": "external", "summary": "RHBZ#2155681", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363" }, { "category": "external", "summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", "url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "CXF: directory listing / code exfiltration" }, { "cve": "CVE-2022-46364", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2022-12-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155682" } ], "notes": [ { "category": "description", "text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", "title": "Vulnerability description" }, { "category": "summary", "text": "CXF: SSRF Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46364" }, { "category": "external", "summary": "RHBZ#2155682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46364" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364" }, { "category": "external", "summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2", "url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "CXF: SSRF Vulnerability" }, { "acknowledgments": [ { "names": [ "Sourav Kumar" ], "organization": "https://github.com/souravs17031999", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2023-0091", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2022-10-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2158585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Client Registration endpoint does not check token revocation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0091" }, { "category": "external", "summary": "RHBZ#2158585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0091", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0091" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg" }, { "category": "external", "summary": "https://github.com/keycloak/security/issues/27", "url": "https://github.com/keycloak/security/issues/27" } ], "release_date": "2022-10-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: Client Registration endpoint does not check token revocation" }, { "acknowledgments": [ { "names": [ "Jordi Zayuelas i Mu\u00f1oz" ], "organization": "A1 Digital", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2023-0264", "cwe": { "id": "CWE-303", "name": "Incorrect Implementation of Authentication Algorithm" }, "discovery_date": "2023-01-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2160585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak\u0027s OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, Integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: user impersonation via stolen uuid code", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0264" }, { "category": "external", "summary": "RHBZ#2160585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0264", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0264" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264" } ], "release_date": "2023-02-28T18:58:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-01T21:45:12+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: user impersonation via stolen uuid code" } ] }
ghsa-9c47-m6qq-7p4h
Vulnerability from github
The parse
method of the JSON5 library before and including version 2.2.1
does not restrict parsing of keys named __proto__
, allowing specially crafted strings to pollute the prototype of the resulting object.
This vulnerability pollutes the prototype of the object returned by JSON5.parse
and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations.
Impact
This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse
. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution.
Mitigation
This vulnerability is patched in json5 v2.2.2 and later. A patch has also been backported for json5 v1 in versions v1.0.2 and later.
Details
Suppose a developer wants to allow users and admins to perform some risky operation, but they want to restrict what non-admins can do. To accomplish this, they accept a JSON blob from the user, parse it using JSON5.parse
, confirm that the provided data does not set some sensitive keys, and then performs the risky operation using the validated data:
```js const JSON5 = require('json5');
const doSomethingDangerous = (props) => { if (props.isAdmin) { console.log('Doing dangerous thing as admin.'); } else { console.log('Doing dangerous thing as user.'); } };
const secCheckKeysSet = (obj, searchKeys) => { let searchKeyFound = false; Object.keys(obj).forEach((key) => { if (searchKeys.indexOf(key) > -1) { searchKeyFound = true; } }); return searchKeyFound; };
const props = JSON5.parse('{"foo": "bar"}'); if (!secCheckKeysSet(props, ['isAdmin', 'isMod'])) { doSomethingDangerous(props); // "Doing dangerous thing as user." } else { throw new Error('Forbidden...'); } ```
If the user attempts to set the isAdmin
key, their request will be rejected:
js
const props = JSON5.parse('{"foo": "bar", "isAdmin": true}');
if (!secCheckKeysSet(props, ['isAdmin', 'isMod'])) {
doSomethingDangerous(props);
} else {
throw new Error('Forbidden...'); // Error: Forbidden...
}
However, users can instead set the __proto__
key to {"isAdmin": true}
. JSON5
will parse this key and will set the isAdmin
key on the prototype of the returned object, allowing the user to bypass the security check and run their request as an admin:
js
const props = JSON5.parse('{"foo": "bar", "__proto__": {"isAdmin": true}}');
if (!secCheckKeysSet(props, ['isAdmin', 'isMod'])) {
doSomethingDangerous(props); // "Doing dangerous thing as admin."
} else {
throw new Error('Forbidden...');
}
{ "affected": [ { "package": { "ecosystem": "npm", "name": "json5" }, "ranges": [ { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.2.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "npm", "name": "json5" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1.0.2" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2022-46175" ], "database_specific": { "cwe_ids": [ "CWE-1321" ], "github_reviewed": true, "github_reviewed_at": "2022-12-29T01:51:03Z", "nvd_published_at": "2022-12-24T04:15:00Z", "severity": "HIGH" }, "details": "The `parse` method of the JSON5 library before and including version `2.2.1` does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute the prototype of the resulting object.\n\nThis vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations.\n\n## Impact\nThis vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution.\n\n## Mitigation\nThis vulnerability is patched in json5 v2.2.2 and later. A patch has also been backported for json5 v1 in versions v1.0.2 and later.\n\n## Details\n \nSuppose a developer wants to allow users and admins to perform some risky operation, but they want to restrict what non-admins can do. To accomplish this, they accept a JSON blob from the user, parse it using `JSON5.parse`, confirm that the provided data does not set some sensitive keys, and then performs the risky operation using the validated data:\n \n```js\nconst JSON5 = require(\u0027json5\u0027);\n\nconst doSomethingDangerous = (props) =\u003e {\n if (props.isAdmin) {\n console.log(\u0027Doing dangerous thing as admin.\u0027);\n } else {\n console.log(\u0027Doing dangerous thing as user.\u0027);\n }\n};\n\nconst secCheckKeysSet = (obj, searchKeys) =\u003e {\n let searchKeyFound = false;\n Object.keys(obj).forEach((key) =\u003e {\n if (searchKeys.indexOf(key) \u003e -1) {\n searchKeyFound = true;\n }\n });\n return searchKeyFound;\n};\n\nconst props = JSON5.parse(\u0027{\"foo\": \"bar\"}\u0027);\nif (!secCheckKeysSet(props, [\u0027isAdmin\u0027, \u0027isMod\u0027])) {\n doSomethingDangerous(props); // \"Doing dangerous thing as user.\"\n} else {\n throw new Error(\u0027Forbidden...\u0027);\n}\n```\n \nIf the user attempts to set the `isAdmin` key, their request will be rejected:\n \n```js\nconst props = JSON5.parse(\u0027{\"foo\": \"bar\", \"isAdmin\": true}\u0027);\nif (!secCheckKeysSet(props, [\u0027isAdmin\u0027, \u0027isMod\u0027])) {\n doSomethingDangerous(props);\n} else {\n throw new Error(\u0027Forbidden...\u0027); // Error: Forbidden...\n}\n```\n \nHowever, users can instead set the `__proto__` key to `{\"isAdmin\": true}`. `JSON5` will parse this key and will set the `isAdmin` key on the prototype of the returned object, allowing the user to bypass the security check and run their request as an admin:\n \n```js\nconst props = JSON5.parse(\u0027{\"foo\": \"bar\", \"__proto__\": {\"isAdmin\": true}}\u0027);\nif (!secCheckKeysSet(props, [\u0027isAdmin\u0027, \u0027isMod\u0027])) {\n doSomethingDangerous(props); // \"Doing dangerous thing as admin.\"\n} else {\n throw new Error(\u0027Forbidden...\u0027);\n}\n ```", "id": "GHSA-9c47-m6qq-7p4h", "modified": "2024-02-13T21:31:39Z", "published": "2022-12-29T01:51:03Z", "references": [ { "type": "WEB", "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175" }, { "type": "WEB", "url": "https://github.com/json5/json5/issues/199" }, { "type": "WEB", "url": "https://github.com/json5/json5/issues/295" }, { "type": "WEB", "url": "https://github.com/json5/json5/pull/298" }, { "type": "WEB", "url": "https://github.com/json5/json5/commit/62a65408408d40aeea14c7869ed327acead12972" }, { "type": "WEB", "url": "https://github.com/json5/json5/commit/7774c1097993bc3ce9f0ac4b722a32bf7d6871c8" }, { "type": "PACKAGE", "url": "https://github.com/json5/json5" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00021.html" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3S26TLPLVFAJTUN3VIXFDEBEXDYO22CE" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H", "type": "CVSS_V3" } ], "summary": "Prototype Pollution in JSON5 via Parse Method" }
gsd-2022-46175
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2022-46175", "id": "GSD-2022-46175", "references": [ "https://access.redhat.com/errata/RHSA-2023:0634", "https://access.redhat.com/errata/RHSA-2023:0934", "https://access.redhat.com/errata/RHSA-2023:1043", "https://access.redhat.com/errata/RHSA-2023:1044", "https://access.redhat.com/errata/RHSA-2023:1045", "https://access.redhat.com/errata/RHSA-2023:1047", "https://access.redhat.com/errata/RHSA-2023:1049" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2022-46175" ], "details": "JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution. `JSON5.parse` should restrict parsing of `__proto__` keys when parsing JSON strings to objects. As a point of reference, the `JSON.parse` method included in JavaScript ignores `__proto__` keys. Simply changing `JSON5.parse` to `JSON.parse` in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1.0.2, 2.2.2, and later.", "id": "GSD-2022-46175", "modified": "2023-12-13T01:19:37.870635Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-46175", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "json5", "version": { "version_data": [ { "version_affected": "=", "version_value": "\u003c 2.2.2" } ] } } ] }, "vendor_name": "json5" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution. `JSON5.parse` should restrict parsing of `__proto__` keys when parsing JSON strings to objects. As a point of reference, the `JSON.parse` method included in JavaScript ignores `__proto__` keys. Simply changing `JSON5.parse` to `JSON.parse` in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1.0.2, 2.2.2, and later." } ] }, "impact": { "cvss": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-1321", "lang": "eng", "value": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", "refsource": "MISC", "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h" }, { "name": "https://github.com/json5/json5/issues/199", "refsource": "MISC", "url": "https://github.com/json5/json5/issues/199" }, { "name": "https://github.com/json5/json5/issues/295", "refsource": "MISC", "url": "https://github.com/json5/json5/issues/295" }, { "name": "https://github.com/json5/json5/pull/298", "refsource": "MISC", "url": "https://github.com/json5/json5/pull/298" }, { "name": "FEDORA-2023-e7297a4aeb", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3S26TLPLVFAJTUN3VIXFDEBEXDYO22CE/" }, { "name": "[debian-lts-announce] 20231125 [SECURITY] [DLA 3665-1] node-json5 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00021.html" } ] }, "source": { "advisory": "GHSA-9c47-m6qq-7p4h", "discovery": "UNKNOWN" } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003c1.0.2||\u003e=2.0.0 \u003c2.2.2", "affected_versions": "All versions before 1.0.2, all versions starting from 2.0.0 before 2.2.2", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-1321", "CWE-937" ], "date": "2023-02-28", "description": "JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including version `2.2.1` does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution. `JSON5.parse` should restrict parsing of `__proto__` keys when parsing JSON strings to objects. As a point of reference, the `JSON.parse` method included in JavaScript ignores `__proto__` keys. Simply changing `JSON5.parse` to `JSON.parse` in the examples above mitigates this vulnerability. This vulnerability is patched in json5 version 2.2.2 and later.", "fixed_versions": [ "1.0.2", "2.2.2" ], "identifier": "CVE-2022-46175", "identifiers": [ "CVE-2022-46175", "GHSA-9c47-m6qq-7p4h" ], "not_impacted": "All versions starting from 1.0.2 before 2.0.0, all versions starting from 2.2.2", "package_slug": "npm/json5", "pubdate": "2022-12-24", "solution": "Upgrade to versions 1.0.2, 2.2.2 or above.", "title": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)", "urls": [ "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", "https://github.com/json5/json5/issues/199", "https://github.com/json5/json5/issues/295", "https://github.com/advisories/GHSA-9c47-m6qq-7p4h" ], "uuid": "1a8ca739-19bd-4b8a-8166-32737f587056" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:json5:json5:*:*:*:*:*:node.js:*:*", "cpe_name": [], "versionEndExcluding": "2.2.2", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:json5:json5:*:*:*:*:*:node.js:*:*", "cpe_name": [], "versionEndExcluding": "1.0.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-46175" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution. `JSON5.parse` should restrict parsing of `__proto__` keys when parsing JSON strings to objects. As a point of reference, the `JSON.parse` method included in JavaScript ignores `__proto__` keys. Simply changing `JSON5.parse` to `JSON.parse` in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1.0.2, 2.2.2, and later." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-1321" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", "refsource": "MISC", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h" }, { "name": "https://github.com/json5/json5/issues/199", "refsource": "MISC", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/json5/json5/issues/199" }, { "name": "https://github.com/json5/json5/issues/295", "refsource": "MISC", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/json5/json5/issues/295" }, { "name": "https://github.com/json5/json5/pull/298", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/json5/json5/pull/298" }, { "name": "FEDORA-2023-e7297a4aeb", "refsource": "", "tags": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3S26TLPLVFAJTUN3VIXFDEBEXDYO22CE/" }, { "name": "[debian-lts-announce] 20231125 [SECURITY] [DLA 3665-1] node-json5 security update", "refsource": "", "tags": [], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00021.html" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9 } }, "lastModifiedDate": "2023-11-26T01:15Z", "publishedDate": "2022-12-24T04:15Z" } } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.