Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-58190 (GCVE-0-2025-58190)
Vulnerability from cvelistv5 – Published: 2026-02-05 17:48 – Updated: 2026-02-12 15:22
VLAI
EPSS
Title
Infinite parsing loop in golang.org/x/net
Summary
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| golang.org/x/net | golang.org/x/net/html |
Affected:
0 , < 0.45.0
(semver)
|
Credits
Guido Vranken
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-58190",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T15:22:10.801204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T15:22:37.685Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/html",
"product": "golang.org/x/net/html",
"programRoutines": [
{
"name": "inRowIM"
},
{
"name": "Parse"
},
{
"name": "ParseFragment"
},
{
"name": "ParseFragmentWithOptions"
},
{
"name": "ParseWithOptions"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.45.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Guido Vranken"
}
],
"descriptions": [
{
"lang": "en",
"value": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-835: Loop with Unreachable Exit Condition",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T17:48:44.693Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c"
},
{
"url": "https://github.com/golang/vulndb/issues/4441"
},
{
"url": "https://go.dev/cl/709875"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-4441"
}
],
"title": "Infinite parsing loop in golang.org/x/net"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-58190",
"datePublished": "2026-02-05T17:48:44.693Z",
"dateReserved": "2025-08-27T14:50:58.692Z",
"dateUpdated": "2026-02-12T15:22:37.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-58190",
"date": "2026-06-23",
"epss": "0.00482",
"percentile": "0.37794"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-58190\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2026-02-05T18:16:10.027\",\"lastModified\":\"2026-02-18T17:46:35.163\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n html.Parse en golang.org/x/net/html tiene un bucle de an\u00e1lisis infinito al procesar ciertas entradas, lo que puede llevar a una denegaci\u00f3n de servicio (DoS) si un atacante proporciona contenido HTML especialmente dise\u00f1ado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:go:html:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.45.0\",\"matchCriteriaId\":\"376264FC-D0BB-4AAD-B6DE-127D83F3070A\"}]}]}],\"references\":[{\"url\":\"https://github.com/golang/vulndb/issues/4441\",\"source\":\"security@golang.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://go.dev/cl/709875\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2026-4441\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-58190\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-12T15:22:10.801204Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-12T15:22:27.673Z\"}}], \"cna\": {\"title\": \"Infinite parsing loop in golang.org/x/net\", \"credits\": [{\"lang\": \"en\", \"value\": \"Guido Vranken\"}], \"affected\": [{\"vendor\": \"golang.org/x/net\", \"product\": \"golang.org/x/net/html\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.45.0\", \"versionType\": \"semver\"}], \"packageName\": \"golang.org/x/net/html\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"inRowIM\"}, {\"name\": \"Parse\"}, {\"name\": \"ParseFragment\"}, {\"name\": \"ParseFragmentWithOptions\"}, {\"name\": \"ParseWithOptions\"}]}], \"references\": [{\"url\": \"https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c\"}, {\"url\": \"https://github.com/golang/vulndb/issues/4441\"}, {\"url\": \"https://go.dev/cl/709875\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2026-4441\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-835: Loop with Unreachable Exit Condition\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2026-02-05T17:48:44.693Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-58190\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-12T15:22:37.685Z\", \"dateReserved\": \"2025-08-27T14:50:58.692Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2026-02-05T17:48:44.693Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
OPENSUSE-SU-2026:20044-1
Vulnerability from csaf_opensuse - Published: 2026-01-15 17:56 - Updated: 2026-01-15 17:56Summary
Security update for alloy
Severity
Important
Notes
Title of the patch: Security update for alloy
Description of the patch: This update for alloy fixes the following issues:
Upgrade to version 1.12.1.
Security issues fixed:
- CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing untrusted HTML documents
(bsc#1251509).
- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially
crafted input (bsc#1251716).
- CVE-2025-47913: golang.org/x/crypto: early client process termination when receiving an unexpected message type in
response to a key listing or signing request (bsc#1253609).
Other updates and bugfixes:
- Version 1.12.1:
* Bugfixes
- update to Beyla 2.7.10.
- Version 1.12.0:
* Breaking changes
- `prometheus.exporter.blackbox`, `prometheus.exporter.snmp` and `prometheus.exporter.statsd` now use the component
ID instead of the hostname as their instance label in their exported metrics.
* Features
- (Experimental) Add an `otelcol.receiver.cloudflare` component to receive logs pushed by Cloudflare's LogPush
jobs.
- (Experimental) Additions to experimental `database_observability.mysql` component:
- `explain_plans`
- collector now changes schema before returning the connection to the pool.
- collector now passes queries more permissively.
- enable `explain_plans` collector by default
- (Experimental) Additions to experimental `database_observability.postgres` component:
- `explain_plans`
- added the explain plan collector.
- collector now passes queries more permissively.
- `query_samples`
- add user field to wait events within `query_samples` collector.
- rework the query samples collector to buffer per-query execution state across scrapes and emit finalized
entries.
- process turned idle rows to calculate finalization times precisely and emit first seen idle rows.
- `query_details`
- escape queries coming from `pg_stat_statements` with quotes.
- enable `explain_plans` collector by default.
- safely generate `server_id` when UDP socket used for database connection.
- add table registry and include "validated" in parsed table name logs.
- Add `otelcol.exporter.googlecloudpubsub` community component to export metrics, traces, and logs to Google Cloud
Pub/Sub topic.
- Add `structured_metadata_drop` stage for `loki.process` to filter structured metadata.
- Send remote config status to the remote server for the `remotecfg` service.
- Send effective config to the remote server for the `remotecfg` service.
- Add a `stat_statements` configuration block to the `prometheus.exporter.postgres` component to enable selecting
both the query ID and the full SQL statement. The new block includes one option to enable statement selection,
and another to configure the maximum length of the statement text.
- Add truncate stage for `loki.process` to truncate log entries, label values, and `structured_metadata` values.
- Add `u_probe_links` & `load_probe` configuration fields to alloy `pyroscope.ebpf` to extend configuration of
the `opentelemetry-ebpf-profiler` to allow uprobe profiling and dynamic probing.
- Add `verbose_mode` configuration fields to `alloy pyroscope.ebpf` to be enable `ebpf-profiler` verbose mode.
- Add `file_match` block to `loki.source.file` for built-in file discovery using glob patterns.
- Add a regex argument to the `structured_metadata` stage in `loki.process` to extract labels matching a regular
expression.
- OpenTelemetry Collector dependencies upgraded from v0.134.0 to v0.139.0.
- See the upstream
[core](https://github.com/open-telemetry/opentelemetry-collector/blob/v0.139.0/CHANGELOG.md)
and
[contrib](https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/v0.139.0/CHANGELOG.md)
changelogs for more details.
- A new `mimir.alerts.kubernetes` component which discovers AlertmanagerConfig Kubernetes resources and loads them
into a Mimir instance.
- Mark `stage.windowsevent` block in the `loki.process` component as GA.
* Enhancements
- Add per-application rate limiting with the strategy attribute in the `faro.receiver` component, to prevent one
application from consuming the rate limit quota of others.
- Add support of tls in components `loki.source.(awsfirehose|gcplog|heroku|api)` and `prometheus.receive_http` and
`pyroscope.receive_http`.
- Remove `SendSIGKILL=no` from unit files and recommendations.
- Reduce memory overhead of `prometheus.remote_write`'s WAL by lowering the size of the allocated series storage.
- Reduce lock wait/contention on the `labelstore.LabelStore` by removing unecessary usage from
`prometheus.relabel`.
- `prometheus.exporter.postgres` dependency has been updated to v0.18.1.
- Update Beyla component to 2.7.8.
- Support delimiters in `stage.luhn`.
- `pyroscope.java`: update `async-profiler` to 4.2.
- `prometheus.exporter.unix`: Add an arp config block to configure the ARP collector.
- `prometheus.exporter.snowflake` dependency has been updated to 20251016132346-6d442402afb2.
- `loki.source.podlogs` now supports `preserve_discovered_labels` parameter to preserve discovered pod metadata
labels for use by downstream components.
- Rework underlying framework of Alloy UI to use Vite instead of Create React App.
- Use POST requests for remote config requests to avoid hitting http2 header limits.
- `loki.source.api` during component shutdown will now reject all the inflight requests with status code 503 after
`graceful_shutdown_timeout` has expired.
- `kubernetes.discovery`: Add support for attaching namespace metadata.
- Add `meta_cache_address` to `beyla.ebpf` component.
* Bugfixes
- Stop `loki.source.kubernetes` discarding log lines with duplicate timestamps.
- Fix direction of arrows for pyroscope components in UI graph.
- Only log EOF errors for syslog port investigations in `loki.source.syslog` as Debug, not Warn.
- Fix `prometheus.exporter.process` ignoring the `remove_empty_groups` argument.
- Fix issues with "unknown series ref when trying to add exemplar" from `prometheus.remote_write` by allowing
series ref links to be updated if they change.
- Fix `loki.source.podlogs` component to register the Kubernetes field index for `spec.nodeName` when node
filtering is enabled, preventing "Index with name `field:spec.nodeName` does not exist" errors.
- Fix issue in `loki.source.file` where scheduling files could take too long.
- Fix `loki.write` no longer includes internal labels __.
- Fix missing native histograms custom buckets (NHCB) samples from `prometheus.remote_write`.
- `otelcol.receiver.prometheus` now supports mixed histograms if `prometheus.scrape` has `honor_metadata` set to
true.
- `loki.source.file` has better support for non-UTF-8 encoded files.
- Fix the `loki.write` endpoint block's `enable_http2` attribute to actually affect the client.
- Optionally remove trailing newlines before appending entries in `stage.multiline`.
- `loki.source.api` no longer drops request when relabel rules drops a specific stream.
Patchnames: openSUSE-Leap-16.0-149
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for alloy",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for alloy fixes the following issues:\n\nUpgrade to version 1.12.1.\n\n\nSecurity issues fixed:\n\n- CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing untrusted HTML documents\n (bsc#1251509).\n- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially\n crafted input (bsc#1251716).\n- CVE-2025-47913: golang.org/x/crypto: early client process termination when receiving an unexpected message type in\n response to a key listing or signing request (bsc#1253609).\n\nOther updates and bugfixes:\n\n- Version 1.12.1:\n * Bugfixes\n - update to Beyla 2.7.10.\n\n- Version 1.12.0:\n * Breaking changes\n - `prometheus.exporter.blackbox`, `prometheus.exporter.snmp` and `prometheus.exporter.statsd` now use the component\n ID instead of the hostname as their instance label in their exported metrics.\n * Features\n - (Experimental) Add an `otelcol.receiver.cloudflare` component to receive logs pushed by Cloudflare\u0027s LogPush\n jobs.\n - (Experimental) Additions to experimental `database_observability.mysql` component:\n - `explain_plans`\n - collector now changes schema before returning the connection to the pool.\n - collector now passes queries more permissively.\n - enable `explain_plans` collector by default\n - (Experimental) Additions to experimental `database_observability.postgres` component:\n - `explain_plans`\n - added the explain plan collector.\n - collector now passes queries more permissively.\n - `query_samples`\n - add user field to wait events within `query_samples` collector.\n - rework the query samples collector to buffer per-query execution state across scrapes and emit finalized\n entries.\n - process turned idle rows to calculate finalization times precisely and emit first seen idle rows.\n - `query_details`\n - escape queries coming from `pg_stat_statements` with quotes.\n - enable `explain_plans` collector by default.\n - safely generate `server_id` when UDP socket used for database connection.\n - add table registry and include \"validated\" in parsed table name logs.\n - Add `otelcol.exporter.googlecloudpubsub` community component to export metrics, traces, and logs to Google Cloud\n Pub/Sub topic.\n - Add `structured_metadata_drop` stage for `loki.process` to filter structured metadata.\n - Send remote config status to the remote server for the `remotecfg` service.\n - Send effective config to the remote server for the `remotecfg` service.\n - Add a `stat_statements` configuration block to the `prometheus.exporter.postgres` component to enable selecting\n both the query ID and the full SQL statement. The new block includes one option to enable statement selection,\n and another to configure the maximum length of the statement text.\n - Add truncate stage for `loki.process` to truncate log entries, label values, and `structured_metadata` values.\n - Add `u_probe_links` \u0026 `load_probe` configuration fields to alloy `pyroscope.ebpf` to extend configuration of\n the `opentelemetry-ebpf-profiler` to allow uprobe profiling and dynamic probing.\n - Add `verbose_mode` configuration fields to `alloy pyroscope.ebpf` to be enable `ebpf-profiler` verbose mode.\n - Add `file_match` block to `loki.source.file` for built-in file discovery using glob patterns.\n - Add a regex argument to the `structured_metadata` stage in `loki.process` to extract labels matching a regular\n expression.\n - OpenTelemetry Collector dependencies upgraded from v0.134.0 to v0.139.0.\n - See the upstream\n [core](https://github.com/open-telemetry/opentelemetry-collector/blob/v0.139.0/CHANGELOG.md)\n and\n [contrib](https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/v0.139.0/CHANGELOG.md)\n changelogs for more details.\n - A new `mimir.alerts.kubernetes` component which discovers AlertmanagerConfig Kubernetes resources and loads them\n into a Mimir instance.\n - Mark `stage.windowsevent` block in the `loki.process` component as GA.\n * Enhancements\n - Add per-application rate limiting with the strategy attribute in the `faro.receiver` component, to prevent one\n application from consuming the rate limit quota of others.\n - Add support of tls in components `loki.source.(awsfirehose|gcplog|heroku|api)` and `prometheus.receive_http` and\n `pyroscope.receive_http`.\n - Remove `SendSIGKILL=no` from unit files and recommendations.\n - Reduce memory overhead of `prometheus.remote_write`\u0027s WAL by lowering the size of the allocated series storage.\n - Reduce lock wait/contention on the `labelstore.LabelStore` by removing unecessary usage from\n `prometheus.relabel`.\n - `prometheus.exporter.postgres` dependency has been updated to v0.18.1.\n - Update Beyla component to 2.7.8.\n - Support delimiters in `stage.luhn`.\n - `pyroscope.java`: update `async-profiler` to 4.2.\n - `prometheus.exporter.unix`: Add an arp config block to configure the ARP collector.\n - `prometheus.exporter.snowflake` dependency has been updated to 20251016132346-6d442402afb2.\n - `loki.source.podlogs` now supports `preserve_discovered_labels` parameter to preserve discovered pod metadata\n labels for use by downstream components.\n - Rework underlying framework of Alloy UI to use Vite instead of Create React App.\n - Use POST requests for remote config requests to avoid hitting http2 header limits.\n - `loki.source.api` during component shutdown will now reject all the inflight requests with status code 503 after\n `graceful_shutdown_timeout` has expired.\n - `kubernetes.discovery`: Add support for attaching namespace metadata.\n - Add `meta_cache_address` to `beyla.ebpf` component.\n * Bugfixes\n - Stop `loki.source.kubernetes` discarding log lines with duplicate timestamps.\n - Fix direction of arrows for pyroscope components in UI graph.\n - Only log EOF errors for syslog port investigations in `loki.source.syslog` as Debug, not Warn.\n - Fix `prometheus.exporter.process` ignoring the `remove_empty_groups` argument.\n - Fix issues with \"unknown series ref when trying to add exemplar\" from `prometheus.remote_write` by allowing\n series ref links to be updated if they change.\n - Fix `loki.source.podlogs` component to register the Kubernetes field index for `spec.nodeName` when node\n filtering is enabled, preventing \"Index with name `field:spec.nodeName` does not exist\" errors.\n - Fix issue in `loki.source.file` where scheduling files could take too long.\n - Fix `loki.write` no longer includes internal labels __.\n - Fix missing native histograms custom buckets (NHCB) samples from `prometheus.remote_write`.\n - `otelcol.receiver.prometheus` now supports mixed histograms if `prometheus.scrape` has `honor_metadata` set to\n true.\n - `loki.source.file` has better support for non-UTF-8 encoded files.\n - Fix the `loki.write` endpoint block\u0027s `enable_http2` attribute to actually affect the client.\n - Optionally remove trailing newlines before appending entries in `stage.multiline`.\n - `loki.source.api` no longer drops request when relabel rules drops a specific stream.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-149",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20044-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1251509",
"url": "https://bugzilla.suse.com/1251509"
},
{
"category": "self",
"summary": "SUSE Bug 1251716",
"url": "https://bugzilla.suse.com/1251716"
},
{
"category": "self",
"summary": "SUSE Bug 1253609",
"url": "https://bugzilla.suse.com/1253609"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
}
],
"title": "Security update for alloy",
"tracking": {
"current_release_date": "2026-01-15T17:56:17Z",
"generator": {
"date": "2026-01-15T17:56:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20044-1",
"initial_release_date": "2026-01-15T17:56:17Z",
"revision_history": [
{
"date": "2026-01-15T17:56:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "alloy-1.12.1-160000.1.1.aarch64",
"product": {
"name": "alloy-1.12.1-160000.1.1.aarch64",
"product_id": "alloy-1.12.1-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "alloy-1.12.1-160000.1.1.ppc64le",
"product": {
"name": "alloy-1.12.1-160000.1.1.ppc64le",
"product_id": "alloy-1.12.1-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "alloy-1.12.1-160000.1.1.s390x",
"product": {
"name": "alloy-1.12.1-160000.1.1.s390x",
"product_id": "alloy-1.12.1-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "alloy-1.12.1-160000.1.1.x86_64",
"product": {
"name": "alloy-1.12.1-160000.1.1.x86_64",
"product_id": "alloy-1.12.1-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.1-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.aarch64"
},
"product_reference": "alloy-1.12.1-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.1-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.ppc64le"
},
"product_reference": "alloy-1.12.1-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.1-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.s390x"
},
"product_reference": "alloy-1.12.1-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.1-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.x86_64"
},
"product_reference": "alloy-1.12.1-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T17:56:17Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T17:56:17Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.s390x",
"openSUSE Leap 16.0:alloy-1.12.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T17:56:17Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
}
]
}
OPENSUSE-SU-2026:20058-1
Vulnerability from csaf_opensuse - Published: 2026-01-17 09:30 - Updated: 2026-01-17 09:30Summary
Security update for go-sendxmpp
Severity
Moderate
Notes
Title of the patch: Security update for go-sendxmpp
Description of the patch: This update for go-sendxmpp fixes the following issues:
Changes in go-sendxmpp:
- Update to 0.15.1:
Added
* Add XEP-0359 Origin-ID to messages (requires go-xmpp >= v0.2.18).
Changed
* HTTP upload: Ignore timeouts on disco IQs as some components do
not reply.
- Upgrades the embedded golang.org/x/net to 0.46.0
* Fixes: bsc#1251461, CVE-2025-47911: various algorithms with
quadratic complexity when parsing HTML documents
* Fixes: bsc#1251677, CVE-2025-58190: excessive memory consumption
by 'html.ParseFragment' when processing specially crafted input
- Update to 0.15.0:
Added:
* Add flag --verbose to show debug information.
* Add flag --recipients to specify recipients by file.
* Add flag --retry-connect to try after a waiting time if the connection fails.
* Add flag --retry-connect-max to specify the amount of retry attempts.
* Add flag --legacy-pgp for using XEP-0027 PGP encryption with Ox keys.
* Add support for punycode domains.
Changed:
* Update gopenpgp library to v3.
* Improve error detection for MUC joins.
* Don't try to connect to other SRV record targets if error contains 'auth-failure'.
* Remove support for old SSDP version (via go-xmpp v0.2.15).
* Http-upload: Stop checking other disco items after finding upload component.
* Increase default TLS version to 1.3.
- bsc#1241814 (CVE-2025-22872): This update includes golang.org/x/net/html 0.43.0
- Update to 0.14.1:
* Use prettier date format for error messages.
* Update XEP-0474 to version 0.4.0 (requires go-xmpp >= 0.2.10).
- Update to 0.14.0:
Added:
* Add --fast-invalidate to allow invalidating the FAST token.
Changed:
* Don't create legacy Ox private key directory in ~/.local/share/go-sendxmpp/oxprivkeys.
* Delete legacy Ox private key directory if it's empty.
* Show proper error if saved FAST mechanism isn't usable with current TLS version (requires go-xmpp >= 0.2.9).
* Print debug output to stdout, not stderr (requires go-xmpp >= 0.2.9).
* Show RECV: and SEND: prefix for debug output (requires go-xmpp >= 0.2.9).
* Delete stored fast token if --fast-invalidate and --fast-off are set.
* Show error when FAST creds are stored but non-FAST mechanism is requested.
- Update to 0.13.0:
Added:
* Add --anonymous to support anonymous authentication (requires go-xmpp >= 0.2.8).
* Add XEP-0480: SASL Upgrade Tasks support (requires go-xmpp >= 0.2.8).
* Add support for see-other-host stream error (requires go-xmpp >= 0.2.8).
Changed:
* Don't automatically try other auth mechanisms if FAST authentication fails.
- Update to 0.12.1:
Changed:
* Print error instead of quitting if a message of type error is received.
* Allow upload of multiple files.
Added:
* Add flag --suppress-root-warning to suppress the warning when go-sendxmpp is used by the root user.
- Update to 0.12.0:
Added:
* Add possibility to look up direct TLS connection endpoint via hostmeta2 (requires xmppsrv >= 0.3.3).
* Add flag --allow-plain to allow PLAIN authentication (requires go-xmpp >= 0.2.5).
Changed:
* Disable PLAIN authentication per default.
* Disable PLAIN authentication after first use of a SCRAM auth mechanism (overrides --allow-plain) (requires
go-xmpp >= 0.2.5).
- Update to 0.11.4:
* Fix bug in SCRAM-SHA-256-PLUS (via go-xmpp >= 0.2.4).
- Update to 0.11.3:
* Add go-xmpp library version to --version output (requires go-xmpp >= 0.2.2).
* Fix XEP-0474: SASL SCRAM Downgrade Protection hash calculation bug (via go-xmpp >= v0.2.3).
* [gocritic]: Improve code quality.
Patchnames: openSUSE-Leap-16.0-packagehub-82
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go-sendxmpp",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go-sendxmpp fixes the following issues:\n\nChanges in go-sendxmpp:\n\n- Update to 0.15.1:\n Added\n * Add XEP-0359 Origin-ID to messages (requires go-xmpp \u003e= v0.2.18).\n Changed\n * HTTP upload: Ignore timeouts on disco IQs as some components do\n not reply.\n- Upgrades the embedded golang.org/x/net to 0.46.0\n * Fixes: bsc#1251461, CVE-2025-47911: various algorithms with\n quadratic complexity when parsing HTML documents\n * Fixes: bsc#1251677, CVE-2025-58190: excessive memory consumption\n by \u0027html.ParseFragment\u0027 when processing specially crafted input\n\n- Update to 0.15.0:\n Added:\n * Add flag --verbose to show debug information.\n * Add flag --recipients to specify recipients by file.\n * Add flag --retry-connect to try after a waiting time if the connection fails.\n * Add flag --retry-connect-max to specify the amount of retry attempts.\n * Add flag --legacy-pgp for using XEP-0027 PGP encryption with Ox keys.\n * Add support for punycode domains.\n Changed:\n * Update gopenpgp library to v3.\n * Improve error detection for MUC joins.\n * Don\u0027t try to connect to other SRV record targets if error contains \u0027auth-failure\u0027.\n * Remove support for old SSDP version (via go-xmpp v0.2.15).\n * Http-upload: Stop checking other disco items after finding upload component.\n * Increase default TLS version to 1.3.\n- bsc#1241814 (CVE-2025-22872): This update includes golang.org/x/net/html 0.43.0\n\n- Update to 0.14.1:\n * Use prettier date format for error messages.\n * Update XEP-0474 to version 0.4.0 (requires go-xmpp \u003e= 0.2.10).\n\n- Update to 0.14.0:\n Added:\n * Add --fast-invalidate to allow invalidating the FAST token.\n Changed:\n * Don\u0027t create legacy Ox private key directory in ~/.local/share/go-sendxmpp/oxprivkeys.\n * Delete legacy Ox private key directory if it\u0027s empty.\n * Show proper error if saved FAST mechanism isn\u0027t usable with current TLS version (requires go-xmpp \u003e= 0.2.9).\n * Print debug output to stdout, not stderr (requires go-xmpp \u003e= 0.2.9).\n * Show RECV: and SEND: prefix for debug output (requires go-xmpp \u003e= 0.2.9).\n * Delete stored fast token if --fast-invalidate and --fast-off are set.\n * Show error when FAST creds are stored but non-FAST mechanism is requested.\n\n- Update to 0.13.0:\n Added:\n * Add --anonymous to support anonymous authentication (requires go-xmpp \u003e= 0.2.8).\n * Add XEP-0480: SASL Upgrade Tasks support (requires go-xmpp \u003e= 0.2.8).\n * Add support for see-other-host stream error (requires go-xmpp \u003e= 0.2.8).\n Changed:\n * Don\u0027t automatically try other auth mechanisms if FAST authentication fails.\n\n- Update to 0.12.1:\n Changed:\n * Print error instead of quitting if a message of type error is received.\n * Allow upload of multiple files.\n Added:\n * Add flag --suppress-root-warning to suppress the warning when go-sendxmpp is used by the root user.\n\n- Update to 0.12.0:\n Added:\n * Add possibility to look up direct TLS connection endpoint via hostmeta2 (requires xmppsrv \u003e= 0.3.3).\n * Add flag --allow-plain to allow PLAIN authentication (requires go-xmpp \u003e= 0.2.5).\n Changed:\n * Disable PLAIN authentication per default.\n * Disable PLAIN authentication after first use of a SCRAM auth mechanism (overrides --allow-plain) (requires\n go-xmpp \u003e= 0.2.5).\n\n- Update to 0.11.4:\n * Fix bug in SCRAM-SHA-256-PLUS (via go-xmpp \u003e= 0.2.4).\n\n- Update to 0.11.3:\n * Add go-xmpp library version to --version output (requires go-xmpp \u003e= 0.2.2).\n * Fix XEP-0474: SASL SCRAM Downgrade Protection hash calculation bug (via go-xmpp \u003e= v0.2.3).\n * [gocritic]: Improve code quality.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-packagehub-82",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20058-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1241814",
"url": "https://bugzilla.suse.com/1241814"
},
{
"category": "self",
"summary": "SUSE Bug 1251461",
"url": "https://bugzilla.suse.com/1251461"
},
{
"category": "self",
"summary": "SUSE Bug 1251677",
"url": "https://bugzilla.suse.com/1251677"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
}
],
"title": "Security update for go-sendxmpp",
"tracking": {
"current_release_date": "2026-01-17T09:30:33Z",
"generator": {
"date": "2026-01-17T09:30:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20058-1",
"initial_release_date": "2026-01-17T09:30:33Z",
"revision_history": [
{
"date": "2026-01-17T09:30:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go-sendxmpp-0.15.1-bp160.1.1.aarch64",
"product": {
"name": "go-sendxmpp-0.15.1-bp160.1.1.aarch64",
"product_id": "go-sendxmpp-0.15.1-bp160.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go-sendxmpp-0.15.1-bp160.1.1.ppc64le",
"product": {
"name": "go-sendxmpp-0.15.1-bp160.1.1.ppc64le",
"product_id": "go-sendxmpp-0.15.1-bp160.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go-sendxmpp-0.15.1-bp160.1.1.s390x",
"product": {
"name": "go-sendxmpp-0.15.1-bp160.1.1.s390x",
"product_id": "go-sendxmpp-0.15.1-bp160.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go-sendxmpp-0.15.1-bp160.1.1.x86_64",
"product": {
"name": "go-sendxmpp-0.15.1-bp160.1.1.x86_64",
"product_id": "go-sendxmpp-0.15.1-bp160.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go-sendxmpp-0.15.1-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.aarch64"
},
"product_reference": "go-sendxmpp-0.15.1-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-sendxmpp-0.15.1-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.ppc64le"
},
"product_reference": "go-sendxmpp-0.15.1-bp160.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-sendxmpp-0.15.1-bp160.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.s390x"
},
"product_reference": "go-sendxmpp-0.15.1-bp160.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-sendxmpp-0.15.1-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.x86_64"
},
"product_reference": "go-sendxmpp-0.15.1-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.aarch64",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.s390x",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.aarch64",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.s390x",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.aarch64",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.s390x",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-17T09:30:33Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
},
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.aarch64",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.s390x",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.aarch64",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.s390x",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.aarch64",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.s390x",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-17T09:30:33Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.aarch64",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.s390x",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.aarch64",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.s390x",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.aarch64",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.s390x",
"openSUSE Leap 16.0:go-sendxmpp-0.15.1-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-17T09:30:33Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
}
]
}
OPENSUSE-SU-2026:20105-1
Vulnerability from csaf_opensuse - Published: 2026-01-23 10:02 - Updated: 2026-01-23 10:02Summary
Security update for sbctl
Severity
Moderate
Notes
Title of the patch: Security update for sbctl
Description of the patch: This update for sbctl fixes the following issues:
Changes in sbctl:
- Upgrade the embedded golang.org/x/net to 0.46.0
* Fixes: bsc#1251399, CVE-2025-47911: various algorithms with
quadratic complexity when parsing HTML documents
* Fixes: bsc#1251609, CVE-2025-58190: excessive memory consumption
by 'html.ParseFragment' when processing specially crafted input
- Update to version 0.18:
* logging: fixup new go vet warning
* workflows: add cc for cross compile
* workflow: add sudo to apt
* workflow: add pcsclite to ci
* workflow: try enable cgo
* go.mod: update golang.org/x/ dependencies
* fix: avoid adding bogus Country attribute to subject DNs
* sbctl: only store file if we did actually sign the file
* installkernel: add post install hook for Debian's traditional installkernel
* CI: missing libpcsclite pkg
* workflows: add missing depends and new pattern keyword
* Add yubikey example for create keys to the README
* Initial yubikey backend keytype support
* verify: ensure we pass args in correct order
- bsc#1248949 (CVE-2025-58058):
Bump xz to 0.5.14
- Update to version 0.17:
* Ensure we don't wrongly compare input/output files when signing
* Added --json supprt to sbctl verify
* Ensure sbctl setup with no arguments returns a helpful output
* Import latest Microsoft keys for KEK and db databases
* Ensure we print the path of the file when encountering an invalid PE file
* Misc fixups in tests
* Misc typo fixes in prints
- Update to version 0.16:
* Ensure sbctl reads --config even if /etc/sbctl/sbctl.conf is
present
* Fixed a bug where sbctl would abort if the TPM eventlog
contains the same byte multiple times
* Fixed a landlock bug where enroll-keys --export did not work
* Fixed a bug where an ESP mounted to multiple paths would not be
detected
* Exporting keys without efivars present work again
* sbctl sign will now use the saved output path if the signed
file is enrolled
* enroll-keys --append will now work without --force.
- Updates from version 0.15.4:
* Fixed an issue where sign-all did not report a non-zero exit
code when something failed
* Fixed and issue where we couldn't write to a file with landlock
* Fixed an issue where --json would print the human readable
output and the json
* Fixes landlock for UKI/bundles by disabling the sandbox feature
* Some doc fixups that mentioned /usr/share/
Patchnames: openSUSE-Leap-16.0-packagehub-93
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for sbctl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for sbctl fixes the following issues:\n\nChanges in sbctl:\n\n- Upgrade the embedded golang.org/x/net to 0.46.0\n * Fixes: bsc#1251399, CVE-2025-47911: various algorithms with\n quadratic complexity when parsing HTML documents\n * Fixes: bsc#1251609, CVE-2025-58190: excessive memory consumption\n by \u0027html.ParseFragment\u0027 when processing specially crafted input\n\n- Update to version 0.18:\n * logging: fixup new go vet warning\n * workflows: add cc for cross compile\n * workflow: add sudo to apt\n * workflow: add pcsclite to ci\n * workflow: try enable cgo\n * go.mod: update golang.org/x/ dependencies\n * fix: avoid adding bogus Country attribute to subject DNs\n * sbctl: only store file if we did actually sign the file\n * installkernel: add post install hook for Debian\u0027s traditional installkernel\n * CI: missing libpcsclite pkg\n * workflows: add missing depends and new pattern keyword\n * Add yubikey example for create keys to the README\n * Initial yubikey backend keytype support\n * verify: ensure we pass args in correct order\n\n- bsc#1248949 (CVE-2025-58058):\n Bump xz to 0.5.14\n\n- Update to version 0.17:\n * Ensure we don\u0027t wrongly compare input/output files when signing\n * Added --json supprt to sbctl verify\n * Ensure sbctl setup with no arguments returns a helpful output\n * Import latest Microsoft keys for KEK and db databases\n * Ensure we print the path of the file when encountering an invalid PE file\n * Misc fixups in tests\n * Misc typo fixes in prints\n\n- Update to version 0.16:\n * Ensure sbctl reads --config even if /etc/sbctl/sbctl.conf is\n present\n * Fixed a bug where sbctl would abort if the TPM eventlog\n contains the same byte multiple times\n * Fixed a landlock bug where enroll-keys --export did not work\n * Fixed a bug where an ESP mounted to multiple paths would not be\n detected\n * Exporting keys without efivars present work again\n * sbctl sign will now use the saved output path if the signed\n file is enrolled\n * enroll-keys --append will now work without --force.\n- Updates from version 0.15.4:\n * Fixed an issue where sign-all did not report a non-zero exit\n code when something failed\n * Fixed and issue where we couldn\u0027t write to a file with landlock\n * Fixed an issue where --json would print the human readable\n output and the json\n * Fixes landlock for UKI/bundles by disabling the sandbox feature\n * Some doc fixups that mentioned /usr/share/\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-packagehub-93",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20105-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1248949",
"url": "https://bugzilla.suse.com/1248949"
},
{
"category": "self",
"summary": "SUSE Bug 1251399",
"url": "https://bugzilla.suse.com/1251399"
},
{
"category": "self",
"summary": "SUSE Bug 1251609",
"url": "https://bugzilla.suse.com/1251609"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
}
],
"title": "Security update for sbctl",
"tracking": {
"current_release_date": "2026-01-23T10:02:42Z",
"generator": {
"date": "2026-01-23T10:02:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20105-1",
"initial_release_date": "2026-01-23T10:02:42Z",
"revision_history": [
{
"date": "2026-01-23T10:02:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "sbctl-0.18-bp160.1.1.aarch64",
"product": {
"name": "sbctl-0.18-bp160.1.1.aarch64",
"product_id": "sbctl-0.18-bp160.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "sbctl-0.18-bp160.1.1.x86_64",
"product": {
"name": "sbctl-0.18-bp160.1.1.x86_64",
"product_id": "sbctl-0.18-bp160.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "sbctl-0.18-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.aarch64"
},
"product_reference": "sbctl-0.18-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sbctl-0.18-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.x86_64"
},
"product_reference": "sbctl-0.18-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.aarch64",
"openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.aarch64",
"openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.aarch64",
"openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T10:02:42Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-58058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58058"
}
],
"notes": [
{
"category": "general",
"text": "xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. The LZMA header doesn\u0027t include a magic number or has a checksum to detect such an issue according to the specification. Note that the code recognizes the issue later while reading the stream, but at this time the memory allocation has already been done. This issue has been patched in version 0.5.14.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.aarch64",
"openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58058",
"url": "https://www.suse.com/security/cve/CVE-2025-58058"
},
{
"category": "external",
"summary": "SUSE Bug 1248889 for CVE-2025-58058",
"url": "https://bugzilla.suse.com/1248889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.aarch64",
"openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.aarch64",
"openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T10:02:42Z",
"details": "moderate"
}
],
"title": "CVE-2025-58058"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.aarch64",
"openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.aarch64",
"openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.aarch64",
"openSUSE Leap 16.0:sbctl-0.18-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T10:02:42Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
}
]
}
OPENSUSE-SU-2026:20132-1
Vulnerability from csaf_opensuse - Published: 2026-01-29 15:32 - Updated: 2026-01-29 15:32Summary
Security update for elemental-register, elemental-toolkit
Severity
Important
Notes
Title of the patch: Security update for elemental-register, elemental-toolkit
Description of the patch: This update for elemental-register, elemental-toolkit fixes the following issues:
elemental-register was updated to 1.8.1:
Changes on top of v1.8.1:
* Update headers to 2026
* Update questions to include SL Micro 6.2
Update to v1.8.1:
* Install yip config files in before-install step
* Bump github.com/rancher-sandbox/go-tpm and its dependencies
This includes few CVE fixes:
* bsc#1241826 (CVE-2025-22872)
* bsc#1241857 (CVE-2025-22872)
* bsc#1251511 (CVE-2025-47911)
* bsc#1251679 (CVE-2025-58190)
elemental-toolkit was updated to v2.3.2:
* Bump golang.org/x/crypto library
This includes few CVE fixes:
* bsc#1241826 (CVE-2025-22872)
* bsc#1241857 (CVE-2025-22872)
* bsc#1251511 (CVE-2025-47911)
* bsc#1251679 (CVE-2025-58190)
* bsc#1253581 (CVE-2025-47913)
* bsc#1253901 (CVE-2025-58181)
* bsc#1254079 (CVE-2025-47914)
Patchnames: openSUSE-Leap-16.0-217
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
27 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for elemental-register, elemental-toolkit",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for elemental-register, elemental-toolkit fixes the following issues:\n\nelemental-register was updated to 1.8.1:\n\nChanges on top of v1.8.1:\n\n * Update headers to 2026\n * Update questions to include SL Micro 6.2\n\nUpdate to v1.8.1:\n\n * Install yip config files in before-install step\n * Bump github.com/rancher-sandbox/go-tpm and its dependencies\n This includes few CVE fixes:\n * bsc#1241826 (CVE-2025-22872)\n * bsc#1241857 (CVE-2025-22872)\n * bsc#1251511 (CVE-2025-47911)\n * bsc#1251679 (CVE-2025-58190)\n\nelemental-toolkit was updated to v2.3.2:\n\n * Bump golang.org/x/crypto library\n This includes few CVE fixes:\n * bsc#1241826 (CVE-2025-22872)\n * bsc#1241857 (CVE-2025-22872)\n * bsc#1251511 (CVE-2025-47911)\n * bsc#1251679 (CVE-2025-58190)\n * bsc#1253581 (CVE-2025-47913)\n * bsc#1253901 (CVE-2025-58181)\n * bsc#1254079 (CVE-2025-47914)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-217",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20132-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1241826",
"url": "https://bugzilla.suse.com/1241826"
},
{
"category": "self",
"summary": "SUSE Bug 1241857",
"url": "https://bugzilla.suse.com/1241857"
},
{
"category": "self",
"summary": "SUSE Bug 1251511",
"url": "https://bugzilla.suse.com/1251511"
},
{
"category": "self",
"summary": "SUSE Bug 1251679",
"url": "https://bugzilla.suse.com/1251679"
},
{
"category": "self",
"summary": "SUSE Bug 1253581",
"url": "https://bugzilla.suse.com/1253581"
},
{
"category": "self",
"summary": "SUSE Bug 1253901",
"url": "https://bugzilla.suse.com/1253901"
},
{
"category": "self",
"summary": "SUSE Bug 1254079",
"url": "https://bugzilla.suse.com/1254079"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
}
],
"title": "Security update for elemental-register, elemental-toolkit",
"tracking": {
"current_release_date": "2026-01-29T15:32:26Z",
"generator": {
"date": "2026-01-29T15:32:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20132-1",
"initial_release_date": "2026-01-29T15:32:26Z",
"revision_history": [
{
"date": "2026-01-29T15:32:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "elemental-register-1.8.1-160000.1.1.aarch64",
"product": {
"name": "elemental-register-1.8.1-160000.1.1.aarch64",
"product_id": "elemental-register-1.8.1-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "elemental-support-1.8.1-160000.1.1.aarch64",
"product": {
"name": "elemental-support-1.8.1-160000.1.1.aarch64",
"product_id": "elemental-support-1.8.1-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "elemental-toolkit-2.3.2-160000.1.1.aarch64",
"product": {
"name": "elemental-toolkit-2.3.2-160000.1.1.aarch64",
"product_id": "elemental-toolkit-2.3.2-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"product": {
"name": "elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"product_id": "elemental-toolkit-2.3.2-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "elemental-toolkit-2.3.2-160000.1.1.s390x",
"product": {
"name": "elemental-toolkit-2.3.2-160000.1.1.s390x",
"product_id": "elemental-toolkit-2.3.2-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "elemental-register-1.8.1-160000.1.1.x86_64",
"product": {
"name": "elemental-register-1.8.1-160000.1.1.x86_64",
"product_id": "elemental-register-1.8.1-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "elemental-support-1.8.1-160000.1.1.x86_64",
"product": {
"name": "elemental-support-1.8.1-160000.1.1.x86_64",
"product_id": "elemental-support-1.8.1-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "elemental-toolkit-2.3.2-160000.1.1.x86_64",
"product": {
"name": "elemental-toolkit-2.3.2-160000.1.1.x86_64",
"product_id": "elemental-toolkit-2.3.2-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-register-1.8.1-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64"
},
"product_reference": "elemental-register-1.8.1-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-register-1.8.1-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64"
},
"product_reference": "elemental-register-1.8.1-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-support-1.8.1-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64"
},
"product_reference": "elemental-support-1.8.1-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-support-1.8.1-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64"
},
"product_reference": "elemental-support-1.8.1-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.3.2-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64"
},
"product_reference": "elemental-toolkit-2.3.2-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.3.2-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le"
},
"product_reference": "elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.3.2-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x"
},
"product_reference": "elemental-toolkit-2.3.2-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.3.2-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
},
"product_reference": "elemental-toolkit-2.3.2-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
},
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
}
]
}
OPENSUSE-SU-2026:20206-1
Vulnerability from csaf_opensuse - Published: 2026-02-13 08:53 - Updated: 2026-02-13 08:53Summary
Security update for kepler
Severity
Moderate
Notes
Title of the patch: Security update for kepler
Description of the patch: This update for kepler fixes the following issues:
Update to version 0.11.3.
Security issues fixed:
- CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing untrusted HTML documents
(bsc#1251427).
- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially
crafted input (bsc#1251632).
Other updates and bugfixes:
- Version 0.11.2:
* Fix: Fix node power metrics for Virtual Machines.
* Fix: Resolve an issue with pod energy metrics when a container has no usage.
- Version 0.11.1:
* Fix: Added missing serviceaccount in the Helm chart.
- Version 0.11.0:
* Feature: Added support for platform power metrics (AC).
* Feature: Introduced experimental support for trained power models.
* Fix: Improved the accuracy of power estimation for Virtual Machines.
* Breaking Change: Metrics related to `kepler_vm_` have been refactored.
- Version 0.10.1:
* Feature: Added support for the ARM64 architecture.
* Fix: Addressed issues when running on Virtual Machines without RAPL.
* Fix: Includes several other bug fixes and stability improvements.
- Version 0.10.0:
* Breaking Change: This is a major rewrite with significant architectural changes.
* Breaking Change: Legacy versions (0.9.0 and earlier) are now frozen, with no new features or bug fixes.
* Breaking Change: The configuration format has been updated.
* Breaking Change: The Kepler Model Server is not compatible with this version and above.
* Feature: New modular architecture for better extensibility.
* Feature: Enhanced performance and accuracy with dynamic detection of RAPL zones.
* Feature: Reduced security requirements, no longer needing CAP_SYS_ADMIN or CAP_BPF capabilities.
* Fix: Significantly reduced resource usage.
- Version 0.9.0:
* Note: This is the final legacy release.
* Feature: Added support for GPU power monitoring.
* Feature: Introduced a model server for training power models.
- Version 0.8.2:
* Fix: Addressed a bug in RAPL power calculation on multi-socket systems.
- Version 0.8.1:
* Fix: This version includes multiple bug fixes and stability improvements.
- Version 0.8.0:
* Feature: Introduced a new estimator framework.
* Breaking Change: The API is backward incompatible with previous versions.
- Version 0.7.12:
* Fix: This version includes multiple bug fixes and stability improvements.
Patchnames: openSUSE-Leap-16.0-261
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kepler",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kepler fixes the following issues:\n\nUpdate to version 0.11.3.\n\nSecurity issues fixed:\n\n- CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing untrusted HTML documents\n (bsc#1251427).\n- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially\n crafted input (bsc#1251632).\n\nOther updates and bugfixes:\n\n- Version 0.11.2:\n * Fix: Fix node power metrics for Virtual Machines.\n * Fix: Resolve an issue with pod energy metrics when a container has no usage.\n\n- Version 0.11.1:\n * Fix: Added missing serviceaccount in the Helm chart.\n\n- Version 0.11.0:\n * Feature: Added support for platform power metrics (AC).\n * Feature: Introduced experimental support for trained power models.\n * Fix: Improved the accuracy of power estimation for Virtual Machines.\n * Breaking Change: Metrics related to `kepler_vm_` have been refactored.\n\n- Version 0.10.1:\n * Feature: Added support for the ARM64 architecture.\n * Fix: Addressed issues when running on Virtual Machines without RAPL.\n * Fix: Includes several other bug fixes and stability improvements.\n\n- Version 0.10.0:\n * Breaking Change: This is a major rewrite with significant architectural changes.\n * Breaking Change: Legacy versions (0.9.0 and earlier) are now frozen, with no new features or bug fixes.\n * Breaking Change: The configuration format has been updated.\n * Breaking Change: The Kepler Model Server is not compatible with this version and above.\n * Feature: New modular architecture for better extensibility.\n * Feature: Enhanced performance and accuracy with dynamic detection of RAPL zones.\n * Feature: Reduced security requirements, no longer needing CAP_SYS_ADMIN or CAP_BPF capabilities.\n * Fix: Significantly reduced resource usage.\n\n- Version 0.9.0:\n * Note: This is the final legacy release.\n * Feature: Added support for GPU power monitoring.\n * Feature: Introduced a model server for training power models.\n\n- Version 0.8.2:\n * Fix: Addressed a bug in RAPL power calculation on multi-socket systems.\n\n- Version 0.8.1:\n * Fix: This version includes multiple bug fixes and stability improvements.\n\n- Version 0.8.0:\n * Feature: Introduced a new estimator framework.\n * Breaking Change: The API is backward incompatible with previous versions.\n\n- Version 0.7.12:\n * Fix: This version includes multiple bug fixes and stability improvements.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-261",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20206-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1251427",
"url": "https://bugzilla.suse.com/1251427"
},
{
"category": "self",
"summary": "SUSE Bug 1251632",
"url": "https://bugzilla.suse.com/1251632"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
}
],
"title": "Security update for kepler",
"tracking": {
"current_release_date": "2026-02-13T08:53:10Z",
"generator": {
"date": "2026-02-13T08:53:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20206-1",
"initial_release_date": "2026-02-13T08:53:10Z",
"revision_history": [
{
"date": "2026-02-13T08:53:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kepler-0.11.3-160000.1.1.aarch64",
"product": {
"name": "kepler-0.11.3-160000.1.1.aarch64",
"product_id": "kepler-0.11.3-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kepler-0.11.3-160000.1.1.ppc64le",
"product": {
"name": "kepler-0.11.3-160000.1.1.ppc64le",
"product_id": "kepler-0.11.3-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kepler-0.11.3-160000.1.1.s390x",
"product": {
"name": "kepler-0.11.3-160000.1.1.s390x",
"product_id": "kepler-0.11.3-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kepler-0.11.3-160000.1.1.x86_64",
"product": {
"name": "kepler-0.11.3-160000.1.1.x86_64",
"product_id": "kepler-0.11.3-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kepler-0.11.3-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.aarch64"
},
"product_reference": "kepler-0.11.3-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kepler-0.11.3-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.ppc64le"
},
"product_reference": "kepler-0.11.3-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kepler-0.11.3-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.s390x"
},
"product_reference": "kepler-0.11.3-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kepler-0.11.3-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.x86_64"
},
"product_reference": "kepler-0.11.3-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.s390x",
"openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.s390x",
"openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.s390x",
"openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-13T08:53:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.s390x",
"openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.s390x",
"openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.s390x",
"openSUSE Leap 16.0:kepler-0.11.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-13T08:53:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
}
]
}
OPENSUSE-SU-2026:20318-1
Vulnerability from csaf_opensuse - Published: 2026-03-03 14:44 - Updated: 2026-03-03 14:44Summary
Security update for gitea-tea
Severity
Moderate
Notes
Title of the patch: Security update for gitea-tea
Description of the patch: This update for gitea-tea fixes the following issues:
Changes in gitea-tea:
- update to 0.12.0:
* New Features
- Add tea actions commands for managing workflow runs and
workflows in #880, #796
- Add tea api subcommand for arbitrary API calls not covered by
existing commands in #879
- Add repository webhook management commands in #798
- Add JSON output support for single PR view in #864
- Add JSON output and file redirection for issue detail view in
#841
- Support creating AGit flow pull requests in #867
* Bug Fixes
- Fix authentication via environment variables when specifying
repo argument in #809
- Fix issue detail view ignoring --owner flag in #899
- Fix PR create crash in #823
- Fix TTY prompt handling in #897
- Fix termenv OSC RGBA handling in #907
- Fix labels delete command and --id flag type in #865
- Fix delete repo command description in #858
- Fix pagination flags for secrets list, webhooks list, and
pull requests list in #853, #852,
- #851
- Enable git worktree support and improve PR create error
handling in #850
- Only prompt for SSH passphrase when necessary in #844
- Only prompt for login confirmation when no default login is
set in #839
- Skip token uniqueness check when using SSH authentication in
#898
- Require non-empty token in GetLoginByToken in #895
- Fix config file permissions to remove group read/write in
#856
* Improvements
- Add file locking for safe concurrent access to config file in
#881
- Improve error messages throughout the CLI in #871
- Send consistent HTTP request headers in #888
- Revert requiring HTTP/HTTPS login URLs; restore SSH as a
login method in #891
- Refactor context into dedicated subpackages in #873, #888
- General code cleanup and improvements in #869, #870
- Add test coverage for login matching in #820
* Build & Dependencies
- Build with Go 1.25 in #886
- Build for Windows aarch64
- Update Gitea SDK version in #868
- Update Nix flake in #872
- Update dependencies including lipgloss v2, urfave/cli v3.6.2,
go-git v5.16.5, and various Go modules in #849, #875, #876,
#878, #884, #885, #900, #901, #904, #905
- Update CI actions (checkout v6, setup-go v6) in #882, #883
Patchnames: openSUSE-Leap-16.0-packagehub-146
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:gitea-tea-bash-completion-0.12.0-bp160.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:gitea-tea-zsh-completion-0.12.0-bp160.1.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:gitea-tea-bash-completion-0.12.0-bp160.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:gitea-tea-zsh-completion-0.12.0-bp160.1.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for gitea-tea",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for gitea-tea fixes the following issues:\n\nChanges in gitea-tea:\n\n- update to 0.12.0:\n * New Features\n - Add tea actions commands for managing workflow runs and\n workflows in #880, #796\n - Add tea api subcommand for arbitrary API calls not covered by\n existing commands in #879\n - Add repository webhook management commands in #798\n - Add JSON output support for single PR view in #864\n - Add JSON output and file redirection for issue detail view in\n #841\n - Support creating AGit flow pull requests in #867\n * Bug Fixes\n - Fix authentication via environment variables when specifying\n repo argument in #809\n - Fix issue detail view ignoring --owner flag in #899\n - Fix PR create crash in #823\n - Fix TTY prompt handling in #897\n - Fix termenv OSC RGBA handling in #907\n - Fix labels delete command and --id flag type in #865\n - Fix delete repo command description in #858\n - Fix pagination flags for secrets list, webhooks list, and\n pull requests list in #853, #852,\n - #851\n - Enable git worktree support and improve PR create error\n handling in #850\n - Only prompt for SSH passphrase when necessary in #844\n - Only prompt for login confirmation when no default login is\n set in #839\n - Skip token uniqueness check when using SSH authentication in\n #898\n - Require non-empty token in GetLoginByToken in #895\n - Fix config file permissions to remove group read/write in\n #856\n * Improvements\n - Add file locking for safe concurrent access to config file in\n #881\n - Improve error messages throughout the CLI in #871\n - Send consistent HTTP request headers in #888\n - Revert requiring HTTP/HTTPS login URLs; restore SSH as a\n login method in #891\n - Refactor context into dedicated subpackages in #873, #888\n - General code cleanup and improvements in #869, #870\n - Add test coverage for login matching in #820\n * Build \u0026 Dependencies\n - Build with Go 1.25 in #886\n - Build for Windows aarch64\n - Update Gitea SDK version in #868\n - Update Nix flake in #872\n - Update dependencies including lipgloss v2, urfave/cli v3.6.2,\n go-git v5.16.5, and various Go modules in #849, #875, #876,\n #878, #884, #885, #900, #901, #904, #905\n - Update CI actions (checkout v6, setup-go v6) in #882, #883\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-packagehub-146",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20318-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
}
],
"title": "Security update for gitea-tea",
"tracking": {
"current_release_date": "2026-03-03T14:44:11Z",
"generator": {
"date": "2026-03-03T14:44:11Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20318-1",
"initial_release_date": "2026-03-03T14:44:11Z",
"revision_history": [
{
"date": "2026-03-03T14:44:11Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gitea-tea-0.12.0-bp160.1.1.aarch64",
"product": {
"name": "gitea-tea-0.12.0-bp160.1.1.aarch64",
"product_id": "gitea-tea-0.12.0-bp160.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gitea-tea-bash-completion-0.12.0-bp160.1.1.noarch",
"product": {
"name": "gitea-tea-bash-completion-0.12.0-bp160.1.1.noarch",
"product_id": "gitea-tea-bash-completion-0.12.0-bp160.1.1.noarch"
}
},
{
"category": "product_version",
"name": "gitea-tea-zsh-completion-0.12.0-bp160.1.1.noarch",
"product": {
"name": "gitea-tea-zsh-completion-0.12.0-bp160.1.1.noarch",
"product_id": "gitea-tea-zsh-completion-0.12.0-bp160.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "gitea-tea-0.12.0-bp160.1.1.ppc64le",
"product": {
"name": "gitea-tea-0.12.0-bp160.1.1.ppc64le",
"product_id": "gitea-tea-0.12.0-bp160.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gitea-tea-0.12.0-bp160.1.1.s390x",
"product": {
"name": "gitea-tea-0.12.0-bp160.1.1.s390x",
"product_id": "gitea-tea-0.12.0-bp160.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gitea-tea-0.12.0-bp160.1.1.x86_64",
"product": {
"name": "gitea-tea-0.12.0-bp160.1.1.x86_64",
"product_id": "gitea-tea-0.12.0-bp160.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gitea-tea-0.12.0-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.aarch64"
},
"product_reference": "gitea-tea-0.12.0-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitea-tea-0.12.0-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.ppc64le"
},
"product_reference": "gitea-tea-0.12.0-bp160.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitea-tea-0.12.0-bp160.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.s390x"
},
"product_reference": "gitea-tea-0.12.0-bp160.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitea-tea-0.12.0-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.x86_64"
},
"product_reference": "gitea-tea-0.12.0-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitea-tea-bash-completion-0.12.0-bp160.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:gitea-tea-bash-completion-0.12.0-bp160.1.1.noarch"
},
"product_reference": "gitea-tea-bash-completion-0.12.0-bp160.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitea-tea-zsh-completion-0.12.0-bp160.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:gitea-tea-zsh-completion-0.12.0-bp160.1.1.noarch"
},
"product_reference": "gitea-tea-zsh-completion-0.12.0-bp160.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.x86_64",
"openSUSE Leap 16.0:gitea-tea-bash-completion-0.12.0-bp160.1.1.noarch",
"openSUSE Leap 16.0:gitea-tea-zsh-completion-0.12.0-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.x86_64",
"openSUSE Leap 16.0:gitea-tea-bash-completion-0.12.0-bp160.1.1.noarch",
"openSUSE Leap 16.0:gitea-tea-zsh-completion-0.12.0-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.x86_64",
"openSUSE Leap 16.0:gitea-tea-bash-completion-0.12.0-bp160.1.1.noarch",
"openSUSE Leap 16.0:gitea-tea-zsh-completion-0.12.0-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T14:44:11Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.x86_64",
"openSUSE Leap 16.0:gitea-tea-bash-completion-0.12.0-bp160.1.1.noarch",
"openSUSE Leap 16.0:gitea-tea-zsh-completion-0.12.0-bp160.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.x86_64",
"openSUSE Leap 16.0:gitea-tea-bash-completion-0.12.0-bp160.1.1.noarch",
"openSUSE Leap 16.0:gitea-tea-zsh-completion-0.12.0-bp160.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:gitea-tea-0.12.0-bp160.1.1.x86_64",
"openSUSE Leap 16.0:gitea-tea-bash-completion-0.12.0-bp160.1.1.noarch",
"openSUSE Leap 16.0:gitea-tea-zsh-completion-0.12.0-bp160.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T14:44:11Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
}
]
}
OPENSUSE-SU-2026:20327-1
Vulnerability from csaf_opensuse - Published: 2026-03-05 14:27 - Updated: 2026-03-05 14:27Summary
Security update for helm
Severity
Moderate
Notes
Title of the patch: Security update for helm
Description of the patch: This update for helm fixes the following issues:
- Update to version 3.19.1:
* CVE-2025-47911: golang.org/x/net/html: Fixed various algorithms with
quadratic complexity when parsing HTML documents (bsc#1251442)
* CVE-2025-58190: golang.org/x/net/html: Fixed xcessive memory
consumption by `html.ParseFragment` when processing specially
crafted input (bsc#1251649)
* jsonschema: warn and ignore unresolved URN $ref to match
v3.18.4
* Avoid "panic: interface conversion: interface {} is nil"
* Fix `helm pull` untar dir check with repo urls
* Fix deprecation warning
* Add timeout flag to repo add and update flags
- Update to version 3.19.0:
* bump version to v3.19.0
* fix: use username and password if provided
* fix(helm-lint): fmt
* fix(helm-lint): Add TLSClientConfig
* fix(helm-lint): Add HTTP/HTTPS URL support for json schema references
* chore(deps): bump the k8s-io group with 7 updates
* fix: go mod tidy for v3
* fix Chart.yaml handling
* Handle messy index files
* json schema fix
* fix: k8s version parsing to match original
* Do not explicitly set SNI in HTTPGetter
* Disabling linter due to unknown issue
* Updating link handling
* fix: user username password for login
* Update pkg/registry/transport.go
* fix: add debug logging to oci transport
* fix: legacy docker support broken for login
* fix: plugin installer test with no Internet
* Handle an empty registry config file.
* Prevent fetching newReference again as we have in calling method
* Prevent failure when resolving version tags in oras memory store
* fix(client): skipnode utilization for PreCopy
* test: Skip instead of returning early. looks more intentional
* test: tests repo stripping functionality
* test: include tests for Login based on different protocol prefixes
* fix(client): layers now returns manifest - remove duplicate from descriptors
* fix(client): return nil on non-allowed media types
* Fix 3.18.0 regression: registry login with scheme
* Update pkg/plugin/plugin.go
* Wait for Helm v4 before raising when platformCommand and Command are set
* Revert "fix (helm) : toToml` renders int as float [ backport to v3 ]"
* build(deps): bump the k8s-io group with 7 updates
* chore: update generalization warning message
* fix: move warning to top of block
* fix: govulncheck workflow
* fix: replace fmt warning with slog
* fix: add warning when ignore repo flag
* feat: add httproute from gateway-api to create chart template
- Update to version 3.18.6:
* fix(helm-lint): fmt
* fix(helm-lint): Add TLSClientConfig
* fix(helm-lint): Add HTTP/HTTPS URL support for json schema
references
- Update to version 3.18.5:
* fix Chart.yaml handling 7799b48 (Matt Farina)
* Handle messy index files dd8502f (Matt Farina)
* json schema fix cb8595b (Robert Sirchia)
- Fix shell completion dependencies
* Add BuildRequires to prevent inclusion of folders owned by shells.
* Add Requires because installing completions without appropriate
shell is questionable.
- Fix zsh completion location
Patchnames: openSUSE-Leap-16.0-360
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:helm-3.19.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:helm-3.19.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:helm-3.19.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:helm-3.19.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:helm-bash-completion-3.19.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:helm-fish-completion-3.19.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:helm-zsh-completion-3.19.1-160000.1.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:helm-3.19.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:helm-3.19.1-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:helm-3.19.1-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:helm-3.19.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:helm-bash-completion-3.19.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:helm-fish-completion-3.19.1-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:helm-zsh-completion-3.19.1-160000.1.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for helm",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for helm fixes the following issues:\n\n- Update to version 3.19.1:\n * CVE-2025-47911: golang.org/x/net/html: Fixed various algorithms with\n quadratic complexity when parsing HTML documents (bsc#1251442)\n * CVE-2025-58190: golang.org/x/net/html: Fixed xcessive memory\n consumption by `html.ParseFragment` when processing specially\n crafted input (bsc#1251649)\n * jsonschema: warn and ignore unresolved URN $ref to match\n v3.18.4\n * Avoid \"panic: interface conversion: interface {} is nil\"\n * Fix `helm pull` untar dir check with repo urls\n * Fix deprecation warning\n * Add timeout flag to repo add and update flags\n\n- Update to version 3.19.0:\n * bump version to v3.19.0\n * fix: use username and password if provided\n * fix(helm-lint): fmt\n * fix(helm-lint): Add TLSClientConfig\n * fix(helm-lint): Add HTTP/HTTPS URL support for json schema references\n * chore(deps): bump the k8s-io group with 7 updates\n * fix: go mod tidy for v3\n * fix Chart.yaml handling\n * Handle messy index files\n * json schema fix\n * fix: k8s version parsing to match original\n * Do not explicitly set SNI in HTTPGetter\n * Disabling linter due to unknown issue\n * Updating link handling\n * fix: user username password for login\n * Update pkg/registry/transport.go\n * fix: add debug logging to oci transport\n * fix: legacy docker support broken for login\n * fix: plugin installer test with no Internet\n * Handle an empty registry config file.\n * Prevent fetching newReference again as we have in calling method\n * Prevent failure when resolving version tags in oras memory store\n * fix(client): skipnode utilization for PreCopy\n * test: Skip instead of returning early. looks more intentional\n * test: tests repo stripping functionality\n * test: include tests for Login based on different protocol prefixes\n * fix(client): layers now returns manifest - remove duplicate from descriptors\n * fix(client): return nil on non-allowed media types\n * Fix 3.18.0 regression: registry login with scheme\n * Update pkg/plugin/plugin.go\n * Wait for Helm v4 before raising when platformCommand and Command are set\n * Revert \"fix (helm) : toToml` renders int as float [ backport to v3 ]\"\n * build(deps): bump the k8s-io group with 7 updates\n * chore: update generalization warning message\n * fix: move warning to top of block\n * fix: govulncheck workflow\n * fix: replace fmt warning with slog\n * fix: add warning when ignore repo flag\n * feat: add httproute from gateway-api to create chart template\n\n- Update to version 3.18.6:\n * fix(helm-lint): fmt\n * fix(helm-lint): Add TLSClientConfig\n * fix(helm-lint): Add HTTP/HTTPS URL support for json schema\n references\n\n- Update to version 3.18.5:\n * fix Chart.yaml handling 7799b48 (Matt Farina)\n * Handle messy index files dd8502f (Matt Farina)\n * json schema fix cb8595b (Robert Sirchia)\n\n- Fix shell completion dependencies\n * Add BuildRequires to prevent inclusion of folders owned by shells.\n * Add Requires because installing completions without appropriate\n shell is questionable.\n\n- Fix zsh completion location\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-360",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20327-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1251442",
"url": "https://bugzilla.suse.com/1251442"
},
{
"category": "self",
"summary": "SUSE Bug 1251649",
"url": "https://bugzilla.suse.com/1251649"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
}
],
"title": "Security update for helm",
"tracking": {
"current_release_date": "2026-03-05T14:27:21Z",
"generator": {
"date": "2026-03-05T14:27:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20327-1",
"initial_release_date": "2026-03-05T14:27:21Z",
"revision_history": [
{
"date": "2026-03-05T14:27:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "helm-3.19.1-160000.1.1.aarch64",
"product": {
"name": "helm-3.19.1-160000.1.1.aarch64",
"product_id": "helm-3.19.1-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-bash-completion-3.19.1-160000.1.1.noarch",
"product": {
"name": "helm-bash-completion-3.19.1-160000.1.1.noarch",
"product_id": "helm-bash-completion-3.19.1-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "helm-fish-completion-3.19.1-160000.1.1.noarch",
"product": {
"name": "helm-fish-completion-3.19.1-160000.1.1.noarch",
"product_id": "helm-fish-completion-3.19.1-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "helm-zsh-completion-3.19.1-160000.1.1.noarch",
"product": {
"name": "helm-zsh-completion-3.19.1-160000.1.1.noarch",
"product_id": "helm-zsh-completion-3.19.1-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-3.19.1-160000.1.1.ppc64le",
"product": {
"name": "helm-3.19.1-160000.1.1.ppc64le",
"product_id": "helm-3.19.1-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-3.19.1-160000.1.1.s390x",
"product": {
"name": "helm-3.19.1-160000.1.1.s390x",
"product_id": "helm-3.19.1-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-3.19.1-160000.1.1.x86_64",
"product": {
"name": "helm-3.19.1-160000.1.1.x86_64",
"product_id": "helm-3.19.1-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.19.1-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:helm-3.19.1-160000.1.1.aarch64"
},
"product_reference": "helm-3.19.1-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.19.1-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:helm-3.19.1-160000.1.1.ppc64le"
},
"product_reference": "helm-3.19.1-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.19.1-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:helm-3.19.1-160000.1.1.s390x"
},
"product_reference": "helm-3.19.1-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.19.1-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:helm-3.19.1-160000.1.1.x86_64"
},
"product_reference": "helm-3.19.1-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.19.1-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:helm-bash-completion-3.19.1-160000.1.1.noarch"
},
"product_reference": "helm-bash-completion-3.19.1-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-fish-completion-3.19.1-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:helm-fish-completion-3.19.1-160000.1.1.noarch"
},
"product_reference": "helm-fish-completion-3.19.1-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.19.1-160000.1.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:helm-zsh-completion-3.19.1-160000.1.1.noarch"
},
"product_reference": "helm-zsh-completion-3.19.1-160000.1.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:helm-3.19.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:helm-3.19.1-160000.1.1.ppc64le",
"openSUSE Leap 16.0:helm-3.19.1-160000.1.1.s390x",
"openSUSE Leap 16.0:helm-3.19.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:helm-bash-completion-3.19.1-160000.1.1.noarch",
"openSUSE Leap 16.0:helm-fish-completion-3.19.1-160000.1.1.noarch",
"openSUSE Leap 16.0:helm-zsh-completion-3.19.1-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:helm-3.19.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:helm-3.19.1-160000.1.1.ppc64le",
"openSUSE Leap 16.0:helm-3.19.1-160000.1.1.s390x",
"openSUSE Leap 16.0:helm-3.19.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:helm-bash-completion-3.19.1-160000.1.1.noarch",
"openSUSE Leap 16.0:helm-fish-completion-3.19.1-160000.1.1.noarch",
"openSUSE Leap 16.0:helm-zsh-completion-3.19.1-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:helm-3.19.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:helm-3.19.1-160000.1.1.ppc64le",
"openSUSE Leap 16.0:helm-3.19.1-160000.1.1.s390x",
"openSUSE Leap 16.0:helm-3.19.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:helm-bash-completion-3.19.1-160000.1.1.noarch",
"openSUSE Leap 16.0:helm-fish-completion-3.19.1-160000.1.1.noarch",
"openSUSE Leap 16.0:helm-zsh-completion-3.19.1-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-05T14:27:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:helm-3.19.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:helm-3.19.1-160000.1.1.ppc64le",
"openSUSE Leap 16.0:helm-3.19.1-160000.1.1.s390x",
"openSUSE Leap 16.0:helm-3.19.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:helm-bash-completion-3.19.1-160000.1.1.noarch",
"openSUSE Leap 16.0:helm-fish-completion-3.19.1-160000.1.1.noarch",
"openSUSE Leap 16.0:helm-zsh-completion-3.19.1-160000.1.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:helm-3.19.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:helm-3.19.1-160000.1.1.ppc64le",
"openSUSE Leap 16.0:helm-3.19.1-160000.1.1.s390x",
"openSUSE Leap 16.0:helm-3.19.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:helm-bash-completion-3.19.1-160000.1.1.noarch",
"openSUSE Leap 16.0:helm-fish-completion-3.19.1-160000.1.1.noarch",
"openSUSE Leap 16.0:helm-zsh-completion-3.19.1-160000.1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:helm-3.19.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:helm-3.19.1-160000.1.1.ppc64le",
"openSUSE Leap 16.0:helm-3.19.1-160000.1.1.s390x",
"openSUSE Leap 16.0:helm-3.19.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:helm-bash-completion-3.19.1-160000.1.1.noarch",
"openSUSE Leap 16.0:helm-fish-completion-3.19.1-160000.1.1.noarch",
"openSUSE Leap 16.0:helm-zsh-completion-3.19.1-160000.1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-05T14:27:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
}
]
}
OPENSUSE-SU-2026:20654-1
Vulnerability from csaf_opensuse - Published: 2026-04-29 16:12 - Updated: 2026-04-29 16:12Summary
Security update for grafana
Severity
Critical
Notes
Title of the patch: Security update for grafana
Description of the patch: This update for grafana fixes the following issues:
Changes in grafana:
- Update to version 11.6.11:
Features and enhancements:
* Alerting: Add limits for the size of expanded notification
templates
* Correlations: Remove support for org_id=0
Security:
* CVE-2026-21722: Public dashboards annotations: use dashboard
timerange if time selection disabled (bsc#1258136)
- Update to version 11.6.10:
Features and enhancements:
* API: Add missing scope check on dashboards
* Avatar: Require sign-in, remove queue, respect timeout
Bug fixes:
* Alerting: Fix a race condition panic in ResetStateByRuleUID
- Update to version 11.6.9:
Features and enhancements:
* Plugins: Add PluginContext to plugins when scenes is disabled
Bug fixes:
* Alerting: Fix contacts point issues
- Update to version 11.6.8:
Bug fixes:
* Alerting: Fix unmarshalling of GettableStatus to include time
intervals
- Update to version 11.6.7:
Bug fixes:
* Auth: Fix render user OAuth passthrough
* LDAP Authentication: Fix URL to propagate username context as
parameter
* Plugins: Dependencies do not inherit parent URL for preinstall
* URLParams: Stringify true values as key=true always (fixes
issues with variables with true value)
- Update to version 11.6.6:
Bug fixes:
* Alerting: Fix copying of recording rule fields
* Fix redirection after login when Grafana is served from subpath
- Update to version 11.6.5:
Features and enhancements:
* Alerting: Bump alerting package to include change to
NewTLSClient
- Update to version 11.6.4:
Features and enhancements:
* StateTimeline: Add endTime to tooltip
* Unified storage: Respect GF_DATABASE_URL override
Bug fixes:
* Alerting: Fix group interval override when adding new rules
* Azure: Fix legend formatting
* Azure: Fix resource name determination in template variable
queries
* Graphite: Fix annotation queries
* Graphite: Fix date mutation
* Graphite: Fix nested variable interpolation for repeated rows
- Update to version 11.6.3:
Security:
* Fixes CVE-2025-3415
- Update to version 11.6.2:
Bug fixes:
* Dashboard: Fixes issue with row repeats and first row
* Graphite: Ensure template variables are interpolated correctly
* Graphite: Fix Graphite series interpolation
* Prometheus: Fix semver import path
- Update to version 11.6.1:
Features and enhancements:
* DashboardScenePage: Correct slug in self referencing data links
* GrafanaUI: Use safePolygon close handler for interactive
tooltips instead of a delay
* Prometheus: Add support for cloud partners Prometheus data
sources
Bug fixes:
* Alertmanager: Add Role-Based Access Control via reqAction Field
* GrafanaUI: Remove blurred background from overlay backdrops to
improve performance
* InfluxDB: Fix nested variable interpolation
* LDAP test: Fix page crash
* Org redirection: Fix linking between orgs
- Upgrade to version 11.6.0:
Features and enhancements:
* Visualisations: One click links and actions
* Annotations: Add cron syntax support
* WebGL-powered geomaps for better performance
* Alerting: Add alert rule version history
Security:
* API keys: Migrate API keys to service accounts at startup
- CVE-2026-21721: Fix access control by the dashboard permissions API (bsc#1257337)
- CVE-2026-21720: Fix unauthenticated DoS (bsc#1257349)
- CVE-2025-68156: Fix potential DoS via unbounded recursion in builtin functions (bsc#1255340)
- CVE-2025-64751: Drop experimental implementation of authorization Zanzana server/client (bsc#1254113)
- Use forked wire from Grafana repository instead of external
package (jsc#PED-14178).
- Update to version 11.5.10:
Security:
* CVE-2025-47911: Fix parsing HTML documents (bsc#1251454)
* CVE-2025-58190: Fix excessive memory consumption (bsc#1251657)
Features and enhancements:
* Update to Go 1.25
* Update to golang.org/x/net v0.45.0
Bug fixes:
* Auth: Fix render user OAuth passthrough.
* LDAP Authentication: Fix URL to propagate username context as
parameter.
* Plugins: Dependencies do not inherit parent URL for preinstall.
- Update to version 11.5.9:
* Security:
CVE-2025-11065: Fix sensitive information leak in logs
(bsc#1250616)
* Features and enhancements:
Auditing: Document new options for recording datasource query
request/response body.
* Bug fixes:
Login: Fix redirection after login when Grafana is served from
subpath.
- Update to version 11.5.8:
* No relevant changes
- Update to version 11.5.7:
* Security:
CVE-2025-6023: Fix cross-site-scripting via scripted dashboards (bsc#1246735)
CVE-2025-6197: Fix open redirect in organization switching (bsc#1246736)
* Bug fixes:
Azure: Fix legend formatting.
Azure: Fix resource name determination in template variable
queries.
- Update to version 11.5.6:
* Security:
CVE-2025-3415: Fix exposure of DingDing alerting integration
URL to Viewer level users (bsc#1245302)
- Update to version 11.5.5 (jsc#PED-12918):
* Security:
CVE-2025-4123: Fix cross-site scripting vulnerability (bsc#1243714).
CVE-2025-22872: Bump golang.org/x/net/html (bsc#1241809)
CVE-2025-3580: Prevent unauthorized server admin deletion (bsc#1243672).
- Update to version 11.5.4:
* Security:
CVE-2025-29923: Bump github.com/redis/go-redis/v9 to 9.6.3.
CVE-2025-3454: Sanitize paths before evaluating access to route (bsc#1241683).
CVE-2025-2703: Fix built-in XY Chart plugin (bsc#1241687).
* Features and enhancements:
Azure Monitor: Filter namespaces by resource group.
Azure: Add support for custom namespace and custom metrics
variable queries.
Azure: Resource picker improvements.
Azure: Support more complex variable interpolation.
Azure: Variable editor and resource picker improvements.
DashboardScenePage: Correct slug in self referencing data
links.
Prometheus: Add support for cloud partners Prometheus data
sources.
* Bug fixes:
InfluxDB: Fix nested variable interpolation.
LDAP test: Fix page crash.
- Update to version 11.5.3:
* Security:
CVE-2025-22870: Bump golang.org/x/net (bsc#1238703).
* Bug fixes:
Alerting: Fix token-based Slack image upload to work with
channel names.
Auth: Fix AzureAD config UI's ClientAuthentication dropdown.
Dashboard: Fix the unintentional time range and variables
updates on saving.
Dashboards: Fix missing v/e/i keybindings to return back to
dashboard.
InfluxDB: Improve handling of template variables contained in
regular expressions (InfluxQL).
Org redirection: Fix linking between orgs.
- Update to version 11.5.2:
* Bug fixes:
Alerting: Allow specifying uid for new rules added to groups.
Alerting: Call RLock() before reading sendAlertsTo map.
Auth: Fix redirect with JWT auth URL login.
AuthN: Refetch user on "ErrUserAlreadyExists".
Azure: Correctly set application insights resource values.
DashboardList: Throttle the re-renders.
Dashboards: Bring back scripted dashboards.
Plugin Metrics: Eliminate data race in plugin metrics
middleware.
RBAC: Don't check folder access if annotationPermissionUpdate
FT is enabled.
- Update to version 11.5.1:
* Bug fixes:
CodeEditor: Fix cursor alignment.
TransformationFilter: Include transformation outputs in
transformation filtering options.
- Upgrade to version 11.5.0:
* Breaking changes:
Loki: Default to /labels API with query param instead of
/series API.
* Features and enhancements:
Extended Cloud Migration Assistent support for plugins and
alerts.
Redesigned filters for dashboards.
New regular expression option for Extract fields
transformation.
Redesigned sharing experience in Dashboards.
Customizable shareable dashboard panel images.
RBAC for alerting notifications and notification policies.
Add support for Elasticsearch cross-cluster search.
Time series macro support in visual query builder for SQL data
sources.
OAuth and SAML session handling improvements.
Plugin Frontend Sandbox for additiona security.
Renamed Public dashboards to Shared dashboards.
- Update to version 11.4.1:
* Bug fixes:
Alerting: AlertingQueryRunner should skip descendant nodes of
invalid queries.
Alerting: Fix alert rules unpausing after moving rule to
different folder.
Alerting: Fix label escaping in rule export.
Alerting: Fix slack image uploading to use new api.
Azure/GCM: Improve error display.
Dashboards: Fix issue where filtered panels would not react to
variable changes.
Dashboards: Fixes issue with panel header showing even when
hide time override was enabled.
Dashboards: Fixes week relative time ranges when weekStart was
changed.
Dashboards: Panel react for timeFrom and timeShift changes
using variables.
DateTimePicker: Fixes issue with date picker showing invalid
date.
Fix: Add support for datasource variable queries.
InfluxDB: Adhoc filters can use template vars as values.
LibraryPanel: Fallback to panel title if library panel title is
not set.
- Upgrade to version 11.4.0:
* Features and enhancements:
Cloudwatch: OpenSearch PPL and SQL support in Logs Insights.
- Update to version 11.3.1:
* Features and enhancements:
Alerting: Make context deadline on AlertNG service startup
configurable.
MigrationAssistant: Restrict dashboards, folders and
datasources by the org id of the signed in
user.
User: Check SignedInUser OrgID in RevokeInvite.
* Bug fixes:
Alerting: Fix escaping of silence matchers in utf8 mode.
Alerting: Fix overflow for long receiver names.
Alerting: Fix saving advanced mode toggle state in the alert
rule editor.
Alerting: Fix setting datasource uid, when datasource is string
in old version.
Alerting: Force refetch prom rules when refreshing panel.
Anonymous User: Adds validator service for anonymous users.
Azure Monitor: Support metric namespaces fallback.
Azure: Fix duplicated traces in multi-resource trace query.
Azure: Handle namespace request rejection.
CloudWatch: Interpolate region in log context query.
Dashboard datasource: Return annotations as series when query
topic is "annotations".
Dashboard: Append orgId to URL.
Dashboards: Fixes performance issue expanding a row.
Flame Graph: Fix crash when it receives empty data.
Folders: Add admin permissions upon creation of a folder w. SA.
Folders: Don't show error pop-up if the user can't fetch the
root folder.
Migration: Remove table aliasing in delete statement to make it
work for mariadb.
ServerLock: Fix pg concurrency/locking issue.
Service Accounts: Run service account creation in transaction.
Table: Fix text wrapping applying to wrong field.
Unified Storage: Use ssl_mode instead of sslmode.
- Update to version 11.3.0+security-01:
* Security:
CVE-2024-9476: Fix Migration Assistant issue (bsc#1233343)
- Upgrade to version 11.3.0:
* Features and enhancements:
View mode and Edit mode are generally available.
Template variables and the time range picker remain visible
when scrolling.
Added timezone parameter in Grafana URL.
Kiosk mode displays dashboard controls.
Auto-formatted table cell values in Cell Inspect.
Allow adding actions to canvas elements.
Legend support in bar gauge visualizations.
Apply the same binary transformation to all the number fields
in a given table at once.
Add support for data links and actions in several
visualizations.
The Explore Logs plugin is installed by default.
Added correlations to external URLs in Explore.
Simplified query section for alert rule creation.
Introduced recording rules for Grafana-managed alerts.
GitHub App authentication for the GitHub data source.
Improved subfolder creation flow.
Redesigned plugin details page.
Added UI for LDAP configuration.
Added RBAC support in Plugins.
- Update to version 11.2.2+security-01:
* Bug fix:
SQL Expressions: Fixes CVE-2024-9264 (bsc#1231844)
- Update to version 11.2.2:
* Features and enhancements:
Data sources: Hide the datasource redirection banner for users
who can't interact with data sources.
* Bug fixes:
Alerting: Fix preview of silences when label name contains
spaces.
Alerting: Make query wrapper match up datasource UIDs if
necessary.
AzureMonitor: Improve resource picker efficiency.
AzureMonitor: Remove Basic Logs retention warning.
CloudWatch: Fix segfault when migrating legacy queries.
DashboardScene: Fix broken error handling and error rendering.
Plugins: Avoid returning 404 for AutoEnabled apps.
- Update to version 11.2.1:
* Features and enhancements:
Alerting: Support for optimistic concurrency in priovisioning
Tempate API.
Logs panel: Enable displayedFields in dashboards and apps.
State timeline: Add pagination support.
* Bug fixes:
Authn: No longer hash service account token twice during
authentication.
CloudMigrations: Fix snapshot creation on Windows systems.
DashGPT: Fixes issue with generation on Safari.
Dashboard: Fix Annotation runtime error when a data source does
not support annotations.
Grafana SQL: Fix broken import in NumberInput component.
Logs: Show older logs button when infinite scroll is enabled
and sort order is descending.
RBAC: Fix an issue with server admins not being able to manage
users in orgs that they don't belong to.
Templating: Fix searching non-latin template variables.
- Upgrade to version 11.2.0:
* Features and enhancements:
Grafana Cloud Migration Assistant is in public preview.
Added navigation bookmarks.
Added template variables support in some transformations.
Introduced Transpose transformation.
Group to nested tables is now generally available.
Format string transformation is now generally available.
New cumulative and window calculations available in Add field
from calculation.
Canvas: Standardized tooltips.
Canvas: Allow adding data links without using an override.
Canvas: Allow opening data links with a single click.
Canvas: Add the ability to control the order in which data
links are displayed.
Added pagination support for state timeline.
Centralized alert history page.
Grafana Explore now allows for logs filtering and pinning in
content outline.
Added forward direction search for Loki.
Added Cloudwatch Metric Insights cross account observability
support.
Added Yugabyte data source.
Map org-specific user roles from your OAuth provider.
Better SAML integration for Azure AD.
API support for LDAP configuration (experimental).
OpenID Connect Discovery URL for Generic OAuth.
- Update to version 11.1.5:
* Bug fixes:
Alerting: Fix permissions for prometheus rule endpoints.
Alerting: Fix persisting result fingerprint that is used by
recovery threshold.
RBAC: Fix an issue with server admins not being able to manage
users in orgs that they don't belong to.
Snapshots: Fix panic when snapshot_remove_expired is true.
VizTooltip: Fix positioning at bottom and right edges on
mobile.
Plugins: Fix QueryField typeahead missing background color.
- Update to version 11.1.3:
* Bug fix:
RBAC: Allow plugins to use scoped actions.
- Update to version 11.1.1:
* Bug fixes:
Alerting: Skip fetching alerts for unsaved dashboards.
Alerting: Support utf8_strict_mode: false in Mimir.
Scenes: Fixes issue with panel repeat height calculation.
Table Panel: Fix Image hover without datalinks.
Tempo: Fix grpc streaming support over pdc-agent.
RBAC: Allow plugins to use scoped actions.
- Upgrade to version 11.1.0:
* Security:
CVE-2023-45288: Bump golang.org/x/net (bsc#1236510)
* Features and improvements:
Allow table cell text wrapping.
Added stat visualization percent change color mode options.
XA chart is generally available.
Redesigned settings page for Alerting.
Added alerting template selector.
Added OAuth2 to HTTP settings for vanilla Alertmanager / Mimir.
Improved paused alert visibility.
Rule-specific silences with permissions.
Support for AWS SNS integration in Grafana-managed alerts.
Added GeoMap and panel shortcut keyboard support.
Accessability headings improvements.
Added reduced motion support.
- Update to version 11.0.1:
* Breaking changes:
If you had selected your language as "Portugus Brasileiro"
previously, this will be reset. You have to select it again in
your Preferences for the fix to be applied and the translations
will then be shown.
* Bug fixes:
Echo: Suppress errors from frontend-metrics API call failing.
Analytics: Fix ApplicationInsights integration.
DashboardScene: Fixes issue removing override rule.
BrowseDashboards: Prepend subpath to New Browse Dashboard
actions.
Alerting: Fix rule storage to filter by group names using
case-sensitive comparison.
RBAC: List only the folders that the user has access to.
DashboardScene: Fixes lack of re-render when updating field
override properties.
DashboardScene: Fixes inspect with transforms issue.
AzureMonitor: Fix bug detecting app insights queries.
Access Control: Clean up permissions for deprovisioned data
sources.
Loki: Fix editor history in wrong order.
SSE: Fix threshold unmarshal to avoid panic.
LibraryPanels/RBAC: Ignore old folder permission check when
deleting/patching lib panel.
Dashboards: Correctly display Admin access to dashboards in the
UI.
LogsTable: Fix default sort by time.
Alerting: Fix rules deleting when reordering whilst filtered.
Alerting: Fix typo in JSON response for rule export.
CloudMonitoring: Fix query type selection issue.
Alerting: Fix scheduler to sort rules before evaluation.
DashboardScene: Skip panel repeats when values are the same.
Alerting: Do not store series values from past evaluations in
state manager for no reason.
DashboardScene: Fixing major row repeat issues.
DashboardScene: Fixes checkbox orienation in save forms.
- Upgrade to version 11.0.0:
* Breaking changes:
AngularJS support is turned off by default.
Legacy alerting is entirely removed.
Subfolders cause very rare issues with folders which have
slashes in their names.
The input data source is removed.
Data sources: Responses which are associated with hidden
queries will be removed (filtered) by Grafana.
The URL which is generated when viewing an individual repeated
panel has changed.
React Router is deprecated.
The grafana/e2e testing tool is deprecated.
* Features and enhancements:
Introduced Explore Metrics (public preview) and Explore Logs
(experimental).
Introduced edit mode to provide an easier way to discover and
interact with the dashboard edit exprerience.
Fixed positioning of template variables and time picker.
Introduced dashboard subfolders.
Use AI to generate titles and descriptions for panels and
dashboards.
Canvas: Enhanced flowcharting functionality.
Canvas: Universal data link support.
Canvas: Added infinite panning editor option.
Added colored table rows with conditional formatting.
Set threshold colors in the Config from query transformation.
Substring matcher added to the Filter by value transformation.
Keep Last State for Grafana Managed Alerting.
Redesigned alert detail view.
The Alerting Provisioning HTTP API has been updated to enforce
RBAC.
Removed old Tempo Search and Loki Search.
MSSQL: Windows Active Directory (Kerberos) authentication.
New strong password policy.
- CVE-2025-27144: Fix Go JOSE's Parsing Vulnerability (bsc#1237671)
- CVE-2024-51744: Fix bad documentation of error handling in ParseWithClaims (bsc#1232975)
- CVE-2024-45339: Fix vulnerability when creating log files (bsc#1236559)
- Update to version 10.4.15:
* Bugfixes
CVE-2024-11741: Fix the Grafana Alerting VictorOps integration
(bsc#1236734)
Chore: Bump dependency golang.org/x/crypto to v0.31.0
- Update to version 10.4.14:
* Bugfixes
Alerting: Do not fetch Orgs if the user is authenticated by
apikey/sa or render key
Patchnames: openSUSE-Leap-16.0-packagehub-225
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.9 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.6 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.6 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.2 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.2 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
111 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for grafana",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for grafana fixes the following issues:\n\nChanges in grafana:\n\n- Update to version 11.6.11:\n Features and enhancements:\n * Alerting: Add limits for the size of expanded notification\n templates\n * Correlations: Remove support for org_id=0\n Security:\n * CVE-2026-21722: Public dashboards annotations: use dashboard\n timerange if time selection disabled (bsc#1258136)\n\n- Update to version 11.6.10:\n Features and enhancements:\n * API: Add missing scope check on dashboards\n * Avatar: Require sign-in, remove queue, respect timeout\n Bug fixes:\n * Alerting: Fix a race condition panic in ResetStateByRuleUID\n\n- Update to version 11.6.9:\n Features and enhancements:\n * Plugins: Add PluginContext to plugins when scenes is disabled\n Bug fixes:\n * Alerting: Fix contacts point issues\n\n- Update to version 11.6.8:\n Bug fixes:\n * Alerting: Fix unmarshalling of GettableStatus to include time\n intervals\n\n- Update to version 11.6.7:\n Bug fixes:\n * Auth: Fix render user OAuth passthrough\n * LDAP Authentication: Fix URL to propagate username context as\n parameter\n * Plugins: Dependencies do not inherit parent URL for preinstall\n * URLParams: Stringify true values as key=true always (fixes\n issues with variables with true value)\n\n- Update to version 11.6.6:\n Bug fixes:\n * Alerting: Fix copying of recording rule fields\n * Fix redirection after login when Grafana is served from subpath\n\n- Update to version 11.6.5:\n Features and enhancements:\n * Alerting: Bump alerting package to include change to\n NewTLSClient\n\n- Update to version 11.6.4:\n Features and enhancements:\n * StateTimeline: Add endTime to tooltip\n * Unified storage: Respect GF_DATABASE_URL override\n Bug fixes:\n * Alerting: Fix group interval override when adding new rules\n * Azure: Fix legend formatting\n * Azure: Fix resource name determination in template variable\n queries\n * Graphite: Fix annotation queries\n * Graphite: Fix date mutation\n * Graphite: Fix nested variable interpolation for repeated rows\n\n- Update to version 11.6.3:\n Security:\n * Fixes CVE-2025-3415\n\n- Update to version 11.6.2:\n Bug fixes:\n * Dashboard: Fixes issue with row repeats and first row\n * Graphite: Ensure template variables are interpolated correctly\n * Graphite: Fix Graphite series interpolation\n * Prometheus: Fix semver import path\n\n- Update to version 11.6.1:\n Features and enhancements:\n * DashboardScenePage: Correct slug in self referencing data links\n * GrafanaUI: Use safePolygon close handler for interactive\n tooltips instead of a delay\n * Prometheus: Add support for cloud partners Prometheus data\n sources\n Bug fixes:\n * Alertmanager: Add Role-Based Access Control via reqAction Field\n * GrafanaUI: Remove blurred background from overlay backdrops to\n improve performance\n * InfluxDB: Fix nested variable interpolation\n * LDAP test: Fix page crash\n * Org redirection: Fix linking between orgs\n\n- Upgrade to version 11.6.0:\n Features and enhancements:\n * Visualisations: One click links and actions\n * Annotations: Add cron syntax support\n * WebGL-powered geomaps for better performance\n * Alerting: Add alert rule version history\n Security:\n * API keys: Migrate API keys to service accounts at startup\n\n- CVE-2026-21721: Fix access control by the dashboard permissions API (bsc#1257337)\n- CVE-2026-21720: Fix unauthenticated DoS (bsc#1257349)\n- CVE-2025-68156: Fix potential DoS via unbounded recursion in builtin functions (bsc#1255340)\n- CVE-2025-64751: Drop experimental implementation of authorization Zanzana server/client (bsc#1254113)\n\n- Use forked wire from Grafana repository instead of external\n package (jsc#PED-14178).\n\n- Update to version 11.5.10:\n Security:\n * CVE-2025-47911: Fix parsing HTML documents (bsc#1251454)\n * CVE-2025-58190: Fix excessive memory consumption (bsc#1251657)\n Features and enhancements:\n * Update to Go 1.25\n * Update to golang.org/x/net v0.45.0\n Bug fixes:\n * Auth: Fix render user OAuth passthrough.\n * LDAP Authentication: Fix URL to propagate username context as\n parameter.\n * Plugins: Dependencies do not inherit parent URL for preinstall.\n\n- Update to version 11.5.9:\n * Security:\n CVE-2025-11065: Fix sensitive information leak in logs\n (bsc#1250616)\n * Features and enhancements:\n Auditing: Document new options for recording datasource query\n request/response body.\n * Bug fixes:\n Login: Fix redirection after login when Grafana is served from\n subpath.\n\n- Update to version 11.5.8:\n * No relevant changes\n\n- Update to version 11.5.7:\n * Security:\n CVE-2025-6023: Fix cross-site-scripting via scripted dashboards (bsc#1246735)\n CVE-2025-6197: Fix open redirect in organization switching (bsc#1246736)\n * Bug fixes:\n Azure: Fix legend formatting.\n Azure: Fix resource name determination in template variable\n queries.\n\n- Update to version 11.5.6:\n * Security:\n CVE-2025-3415: Fix exposure of DingDing alerting integration\n URL to Viewer level users (bsc#1245302)\n\n- Update to version 11.5.5 (jsc#PED-12918):\n * Security:\n CVE-2025-4123: Fix cross-site scripting vulnerability (bsc#1243714).\n CVE-2025-22872: Bump golang.org/x/net/html (bsc#1241809)\n CVE-2025-3580: Prevent unauthorized server admin deletion (bsc#1243672).\n\n- Update to version 11.5.4:\n * Security:\n CVE-2025-29923: Bump github.com/redis/go-redis/v9 to 9.6.3.\n CVE-2025-3454: Sanitize paths before evaluating access to route (bsc#1241683).\n CVE-2025-2703: Fix built-in XY Chart plugin (bsc#1241687).\n * Features and enhancements:\n Azure Monitor: Filter namespaces by resource group.\n Azure: Add support for custom namespace and custom metrics\n variable queries.\n Azure: Resource picker improvements.\n Azure: Support more complex variable interpolation.\n Azure: Variable editor and resource picker improvements.\n DashboardScenePage: Correct slug in self referencing data\n links.\n Prometheus: Add support for cloud partners Prometheus data\n sources.\n * Bug fixes:\n InfluxDB: Fix nested variable interpolation.\n LDAP test: Fix page crash.\n\n- Update to version 11.5.3:\n * Security:\n CVE-2025-22870: Bump golang.org/x/net (bsc#1238703).\n * Bug fixes:\n Alerting: Fix token-based Slack image upload to work with\n channel names.\n Auth: Fix AzureAD config UI\u0027s ClientAuthentication dropdown.\n Dashboard: Fix the unintentional time range and variables\n updates on saving.\n Dashboards: Fix missing v/e/i keybindings to return back to\n dashboard.\n InfluxDB: Improve handling of template variables contained in\n regular expressions (InfluxQL).\n Org redirection: Fix linking between orgs.\n\n- Update to version 11.5.2:\n * Bug fixes:\n Alerting: Allow specifying uid for new rules added to groups.\n Alerting: Call RLock() before reading sendAlertsTo map.\n Auth: Fix redirect with JWT auth URL login.\n AuthN: Refetch user on \"ErrUserAlreadyExists\".\n Azure: Correctly set application insights resource values.\n DashboardList: Throttle the re-renders.\n Dashboards: Bring back scripted dashboards.\n Plugin Metrics: Eliminate data race in plugin metrics\n middleware.\n RBAC: Don\u0027t check folder access if annotationPermissionUpdate\n FT is enabled.\n\n- Update to version 11.5.1:\n * Bug fixes:\n CodeEditor: Fix cursor alignment.\n TransformationFilter: Include transformation outputs in\n transformation filtering options.\n\n- Upgrade to version 11.5.0:\n * Breaking changes:\n Loki: Default to /labels API with query param instead of\n /series API.\n * Features and enhancements:\n Extended Cloud Migration Assistent support for plugins and\n alerts.\n Redesigned filters for dashboards.\n New regular expression option for Extract fields\n transformation.\n Redesigned sharing experience in Dashboards.\n Customizable shareable dashboard panel images.\n RBAC for alerting notifications and notification policies.\n Add support for Elasticsearch cross-cluster search.\n Time series macro support in visual query builder for SQL data\n sources.\n OAuth and SAML session handling improvements.\n Plugin Frontend Sandbox for additiona security.\n Renamed Public dashboards to Shared dashboards.\n\n- Update to version 11.4.1:\n * Bug fixes:\n Alerting: AlertingQueryRunner should skip descendant nodes of\n invalid queries.\n Alerting: Fix alert rules unpausing after moving rule to\n different folder.\n Alerting: Fix label escaping in rule export.\n Alerting: Fix slack image uploading to use new api.\n Azure/GCM: Improve error display.\n Dashboards: Fix issue where filtered panels would not react to\n variable changes.\n Dashboards: Fixes issue with panel header showing even when\n hide time override was enabled.\n Dashboards: Fixes week relative time ranges when weekStart was\n changed.\n Dashboards: Panel react for timeFrom and timeShift changes\n using variables.\n DateTimePicker: Fixes issue with date picker showing invalid\n date.\n Fix: Add support for datasource variable queries.\n InfluxDB: Adhoc filters can use template vars as values.\n LibraryPanel: Fallback to panel title if library panel title is\n not set.\n\n- Upgrade to version 11.4.0:\n * Features and enhancements:\n Cloudwatch: OpenSearch PPL and SQL support in Logs Insights.\n\n- Update to version 11.3.1:\n * Features and enhancements:\n Alerting: Make context deadline on AlertNG service startup\n configurable.\n MigrationAssistant: Restrict dashboards, folders and\n datasources by the org id of the signed in\n user.\n User: Check SignedInUser OrgID in RevokeInvite.\n * Bug fixes:\n Alerting: Fix escaping of silence matchers in utf8 mode.\n Alerting: Fix overflow for long receiver names.\n Alerting: Fix saving advanced mode toggle state in the alert\n rule editor.\n Alerting: Fix setting datasource uid, when datasource is string\n in old version.\n Alerting: Force refetch prom rules when refreshing panel.\n Anonymous User: Adds validator service for anonymous users.\n Azure Monitor: Support metric namespaces fallback.\n Azure: Fix duplicated traces in multi-resource trace query.\n Azure: Handle namespace request rejection.\n CloudWatch: Interpolate region in log context query.\n Dashboard datasource: Return annotations as series when query\n topic is \"annotations\".\n Dashboard: Append orgId to URL.\n Dashboards: Fixes performance issue expanding a row.\n Flame Graph: Fix crash when it receives empty data.\n Folders: Add admin permissions upon creation of a folder w. SA.\n Folders: Don\u0027t show error pop-up if the user can\u0027t fetch the\n root folder.\n Migration: Remove table aliasing in delete statement to make it\n work for mariadb.\n ServerLock: Fix pg concurrency/locking issue.\n Service Accounts: Run service account creation in transaction.\n Table: Fix text wrapping applying to wrong field.\n Unified Storage: Use ssl_mode instead of sslmode.\n\n- Update to version 11.3.0+security-01:\n * Security:\n CVE-2024-9476: Fix Migration Assistant issue (bsc#1233343)\n\n- Upgrade to version 11.3.0:\n * Features and enhancements:\n View mode and Edit mode are generally available.\n Template variables and the time range picker remain visible\n when scrolling.\n Added timezone parameter in Grafana URL.\n Kiosk mode displays dashboard controls.\n Auto-formatted table cell values in Cell Inspect.\n Allow adding actions to canvas elements.\n Legend support in bar gauge visualizations.\n Apply the same binary transformation to all the number fields\n in a given table at once.\n Add support for data links and actions in several\n visualizations.\n The Explore Logs plugin is installed by default.\n Added correlations to external URLs in Explore.\n Simplified query section for alert rule creation.\n Introduced recording rules for Grafana-managed alerts.\n GitHub App authentication for the GitHub data source.\n Improved subfolder creation flow.\n Redesigned plugin details page.\n Added UI for LDAP configuration.\n Added RBAC support in Plugins.\n\n- Update to version 11.2.2+security-01:\n * Bug fix:\n SQL Expressions: Fixes CVE-2024-9264 (bsc#1231844)\n\n- Update to version 11.2.2:\n * Features and enhancements:\n Data sources: Hide the datasource redirection banner for users\n who can\u0027t interact with data sources.\n * Bug fixes:\n Alerting: Fix preview of silences when label name contains\n spaces.\n Alerting: Make query wrapper match up datasource UIDs if\n necessary.\n AzureMonitor: Improve resource picker efficiency.\n AzureMonitor: Remove Basic Logs retention warning.\n CloudWatch: Fix segfault when migrating legacy queries.\n DashboardScene: Fix broken error handling and error rendering.\n Plugins: Avoid returning 404 for AutoEnabled apps.\n\n- Update to version 11.2.1:\n * Features and enhancements:\n Alerting: Support for optimistic concurrency in priovisioning\n Tempate API.\n Logs panel: Enable displayedFields in dashboards and apps.\n State timeline: Add pagination support.\n * Bug fixes:\n Authn: No longer hash service account token twice during\n authentication.\n CloudMigrations: Fix snapshot creation on Windows systems.\n DashGPT: Fixes issue with generation on Safari.\n Dashboard: Fix Annotation runtime error when a data source does\n not support annotations.\n Grafana SQL: Fix broken import in NumberInput component.\n Logs: Show older logs button when infinite scroll is enabled\n and sort order is descending.\n RBAC: Fix an issue with server admins not being able to manage\n users in orgs that they don\u0027t belong to.\n Templating: Fix searching non-latin template variables.\n\n- Upgrade to version 11.2.0:\n * Features and enhancements:\n Grafana Cloud Migration Assistant is in public preview.\n Added navigation bookmarks.\n Added template variables support in some transformations.\n Introduced Transpose transformation.\n Group to nested tables is now generally available.\n Format string transformation is now generally available.\n New cumulative and window calculations available in Add field\n from calculation.\n Canvas: Standardized tooltips.\n Canvas: Allow adding data links without using an override.\n Canvas: Allow opening data links with a single click.\n Canvas: Add the ability to control the order in which data\n links are displayed.\n Added pagination support for state timeline.\n Centralized alert history page.\n Grafana Explore now allows for logs filtering and pinning in\n content outline.\n Added forward direction search for Loki.\n Added Cloudwatch Metric Insights cross account observability\n support.\n Added Yugabyte data source.\n Map org-specific user roles from your OAuth provider.\n Better SAML integration for Azure AD.\n API support for LDAP configuration (experimental).\n OpenID Connect Discovery URL for Generic OAuth.\n\n- Update to version 11.1.5:\n * Bug fixes:\n Alerting: Fix permissions for prometheus rule endpoints.\n Alerting: Fix persisting result fingerprint that is used by\n recovery threshold.\n RBAC: Fix an issue with server admins not being able to manage\n users in orgs that they don\u0027t belong to.\n Snapshots: Fix panic when snapshot_remove_expired is true.\n VizTooltip: Fix positioning at bottom and right edges on\n mobile.\n Plugins: Fix QueryField typeahead missing background color.\n\n- Update to version 11.1.3:\n * Bug fix:\n RBAC: Allow plugins to use scoped actions.\n\n- Update to version 11.1.1:\n * Bug fixes:\n Alerting: Skip fetching alerts for unsaved dashboards.\n Alerting: Support utf8_strict_mode: false in Mimir.\n Scenes: Fixes issue with panel repeat height calculation.\n Table Panel: Fix Image hover without datalinks.\n Tempo: Fix grpc streaming support over pdc-agent.\n RBAC: Allow plugins to use scoped actions.\n\n- Upgrade to version 11.1.0:\n * Security:\n CVE-2023-45288: Bump golang.org/x/net (bsc#1236510)\n * Features and improvements:\n Allow table cell text wrapping.\n Added stat visualization percent change color mode options.\n XA chart is generally available.\n Redesigned settings page for Alerting.\n Added alerting template selector.\n Added OAuth2 to HTTP settings for vanilla Alertmanager / Mimir.\n Improved paused alert visibility.\n Rule-specific silences with permissions.\n Support for AWS SNS integration in Grafana-managed alerts.\n Added GeoMap and panel shortcut keyboard support.\n Accessability headings improvements.\n Added reduced motion support.\n\n- Update to version 11.0.1:\n * Breaking changes:\n If you had selected your language as \"Portugus Brasileiro\"\n previously, this will be reset. You have to select it again in\n your Preferences for the fix to be applied and the translations\n will then be shown.\n * Bug fixes:\n Echo: Suppress errors from frontend-metrics API call failing.\n Analytics: Fix ApplicationInsights integration.\n DashboardScene: Fixes issue removing override rule.\n BrowseDashboards: Prepend subpath to New Browse Dashboard\n actions.\n Alerting: Fix rule storage to filter by group names using\n case-sensitive comparison.\n RBAC: List only the folders that the user has access to.\n DashboardScene: Fixes lack of re-render when updating field\n override properties.\n DashboardScene: Fixes inspect with transforms issue.\n AzureMonitor: Fix bug detecting app insights queries.\n Access Control: Clean up permissions for deprovisioned data\n sources.\n Loki: Fix editor history in wrong order.\n SSE: Fix threshold unmarshal to avoid panic.\n LibraryPanels/RBAC: Ignore old folder permission check when\n deleting/patching lib panel.\n Dashboards: Correctly display Admin access to dashboards in the\n UI.\n LogsTable: Fix default sort by time.\n Alerting: Fix rules deleting when reordering whilst filtered.\n Alerting: Fix typo in JSON response for rule export.\n CloudMonitoring: Fix query type selection issue.\n Alerting: Fix scheduler to sort rules before evaluation.\n DashboardScene: Skip panel repeats when values are the same.\n Alerting: Do not store series values from past evaluations in\n state manager for no reason.\n DashboardScene: Fixing major row repeat issues.\n DashboardScene: Fixes checkbox orienation in save forms.\n\n- Upgrade to version 11.0.0:\n * Breaking changes:\n AngularJS support is turned off by default.\n Legacy alerting is entirely removed.\n Subfolders cause very rare issues with folders which have\n slashes in their names.\n The input data source is removed.\n Data sources: Responses which are associated with hidden\n queries will be removed (filtered) by Grafana.\n The URL which is generated when viewing an individual repeated\n panel has changed.\n React Router is deprecated.\n The grafana/e2e testing tool is deprecated.\n * Features and enhancements:\n Introduced Explore Metrics (public preview) and Explore Logs\n (experimental).\n Introduced edit mode to provide an easier way to discover and\n interact with the dashboard edit exprerience.\n Fixed positioning of template variables and time picker.\n Introduced dashboard subfolders.\n Use AI to generate titles and descriptions for panels and\n dashboards.\n Canvas: Enhanced flowcharting functionality.\n Canvas: Universal data link support.\n Canvas: Added infinite panning editor option.\n Added colored table rows with conditional formatting.\n Set threshold colors in the Config from query transformation.\n Substring matcher added to the Filter by value transformation.\n Keep Last State for Grafana Managed Alerting.\n Redesigned alert detail view.\n The Alerting Provisioning HTTP API has been updated to enforce\n RBAC.\n Removed old Tempo Search and Loki Search.\n MSSQL: Windows Active Directory (Kerberos) authentication.\n New strong password policy.\n\n- CVE-2025-27144: Fix Go JOSE\u0027s Parsing Vulnerability (bsc#1237671)\n- CVE-2024-51744: Fix bad documentation of error handling in ParseWithClaims (bsc#1232975)\n- CVE-2024-45339: Fix vulnerability when creating log files (bsc#1236559)\n\n- Update to version 10.4.15:\n * Bugfixes\n CVE-2024-11741: Fix the Grafana Alerting VictorOps integration\n (bsc#1236734)\n Chore: Bump dependency golang.org/x/crypto to v0.31.0\n\n- Update to version 10.4.14:\n * Bugfixes\n Alerting: Do not fetch Orgs if the user is authenticated by\n apikey/sa or render key\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-packagehub-225",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20654-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1231844",
"url": "https://bugzilla.suse.com/1231844"
},
{
"category": "self",
"summary": "SUSE Bug 1232975",
"url": "https://bugzilla.suse.com/1232975"
},
{
"category": "self",
"summary": "SUSE Bug 1233343",
"url": "https://bugzilla.suse.com/1233343"
},
{
"category": "self",
"summary": "SUSE Bug 1235206",
"url": "https://bugzilla.suse.com/1235206"
},
{
"category": "self",
"summary": "SUSE Bug 1235574",
"url": "https://bugzilla.suse.com/1235574"
},
{
"category": "self",
"summary": "SUSE Bug 1236510",
"url": "https://bugzilla.suse.com/1236510"
},
{
"category": "self",
"summary": "SUSE Bug 1236559",
"url": "https://bugzilla.suse.com/1236559"
},
{
"category": "self",
"summary": "SUSE Bug 1236734",
"url": "https://bugzilla.suse.com/1236734"
},
{
"category": "self",
"summary": "SUSE Bug 1237671",
"url": "https://bugzilla.suse.com/1237671"
},
{
"category": "self",
"summary": "SUSE Bug 1238703",
"url": "https://bugzilla.suse.com/1238703"
},
{
"category": "self",
"summary": "SUSE Bug 1241683",
"url": "https://bugzilla.suse.com/1241683"
},
{
"category": "self",
"summary": "SUSE Bug 1241687",
"url": "https://bugzilla.suse.com/1241687"
},
{
"category": "self",
"summary": "SUSE Bug 1241809",
"url": "https://bugzilla.suse.com/1241809"
},
{
"category": "self",
"summary": "SUSE Bug 1243672",
"url": "https://bugzilla.suse.com/1243672"
},
{
"category": "self",
"summary": "SUSE Bug 1243714",
"url": "https://bugzilla.suse.com/1243714"
},
{
"category": "self",
"summary": "SUSE Bug 1245302",
"url": "https://bugzilla.suse.com/1245302"
},
{
"category": "self",
"summary": "SUSE Bug 1246735",
"url": "https://bugzilla.suse.com/1246735"
},
{
"category": "self",
"summary": "SUSE Bug 1246736",
"url": "https://bugzilla.suse.com/1246736"
},
{
"category": "self",
"summary": "SUSE Bug 1250616",
"url": "https://bugzilla.suse.com/1250616"
},
{
"category": "self",
"summary": "SUSE Bug 1251454",
"url": "https://bugzilla.suse.com/1251454"
},
{
"category": "self",
"summary": "SUSE Bug 1251657",
"url": "https://bugzilla.suse.com/1251657"
},
{
"category": "self",
"summary": "SUSE Bug 1254113",
"url": "https://bugzilla.suse.com/1254113"
},
{
"category": "self",
"summary": "SUSE Bug 1255340",
"url": "https://bugzilla.suse.com/1255340"
},
{
"category": "self",
"summary": "SUSE Bug 1257337",
"url": "https://bugzilla.suse.com/1257337"
},
{
"category": "self",
"summary": "SUSE Bug 1257349",
"url": "https://bugzilla.suse.com/1257349"
},
{
"category": "self",
"summary": "SUSE Bug 1258136",
"url": "https://bugzilla.suse.com/1258136"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-11741 page",
"url": "https://www.suse.com/security/cve/CVE-2024-11741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28180 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45339 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-51744 page",
"url": "https://www.suse.com/security/cve/CVE-2024-51744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-9264 page",
"url": "https://www.suse.com/security/cve/CVE-2024-9264/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-9476 page",
"url": "https://www.suse.com/security/cve/CVE-2024-9476/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-11065 page",
"url": "https://www.suse.com/security/cve/CVE-2025-11065/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21613 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21613/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-2703 page",
"url": "https://www.suse.com/security/cve/CVE-2025-2703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27144 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27144/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-29923 page",
"url": "https://www.suse.com/security/cve/CVE-2025-29923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3415 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3454 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3454/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3580 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4123 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6023 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6023/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6197 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64751 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68156 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21720 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21721 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21722 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21722/"
}
],
"title": "Security update for grafana",
"tracking": {
"current_release_date": "2026-04-29T16:12:10Z",
"generator": {
"date": "2026-04-29T16:12:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20654-1",
"initial_release_date": "2026-04-29T16:12:10Z",
"revision_history": [
{
"date": "2026-04-29T16:12:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "grafana-11.6.11-bp160.1.1.aarch64",
"product": {
"name": "grafana-11.6.11-bp160.1.1.aarch64",
"product_id": "grafana-11.6.11-bp160.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-11.6.11-bp160.1.1.ppc64le",
"product": {
"name": "grafana-11.6.11-bp160.1.1.ppc64le",
"product_id": "grafana-11.6.11-bp160.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-11.6.11-bp160.1.1.s390x",
"product": {
"name": "grafana-11.6.11-bp160.1.1.s390x",
"product_id": "grafana-11.6.11-bp160.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-11.6.11-bp160.1.1.x86_64",
"product": {
"name": "grafana-11.6.11-bp160.1.1.x86_64",
"product_id": "grafana-11.6.11-bp160.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.11-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64"
},
"product_reference": "grafana-11.6.11-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.11-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le"
},
"product_reference": "grafana-11.6.11-bp160.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.11-bp160.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x"
},
"product_reference": "grafana-11.6.11-bp160.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.11-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
},
"product_reference": "grafana-11.6.11-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45288"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45288",
"url": "https://www.suse.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "SUSE Bug 1221400 for CVE-2023-45288",
"url": "https://bugzilla.suse.com/1221400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "moderate"
}
],
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2024-11741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-11741"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. \nThe Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. \nFixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-11741",
"url": "https://www.suse.com/security/cve/CVE-2024-11741"
},
{
"category": "external",
"summary": "SUSE Bug 1236734 for CVE-2024-11741",
"url": "https://bugzilla.suse.com/1236734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-11741"
},
{
"cve": "CVE-2024-28180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28180"
}
],
"notes": [
{
"category": "general",
"text": "Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28180",
"url": "https://www.suse.com/security/cve/CVE-2024-28180"
},
{
"category": "external",
"summary": "SUSE Bug 1234984 for CVE-2024-28180",
"url": "https://bugzilla.suse.com/1234984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-28180"
},
{
"cve": "CVE-2024-45339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45339"
}
],
"notes": [
{
"category": "general",
"text": "When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process\u0027s log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45339",
"url": "https://www.suse.com/security/cve/CVE-2024-45339"
},
{
"category": "external",
"summary": "SUSE Bug 1236541 for CVE-2024-45339",
"url": "https://bugzilla.suse.com/1236541"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "important"
}
],
"title": "CVE-2024-45339"
},
{
"cve": "CVE-2024-51744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-51744"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release. We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-51744",
"url": "https://www.suse.com/security/cve/CVE-2024-51744"
},
{
"category": "external",
"summary": "SUSE Bug 1232936 for CVE-2024-51744",
"url": "https://bugzilla.suse.com/1232936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-51744"
},
{
"cve": "CVE-2024-9264",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-9264"
}
],
"notes": [
{
"category": "general",
"text": "The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana\u0027s $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-9264",
"url": "https://www.suse.com/security/cve/CVE-2024-9264"
},
{
"category": "external",
"summary": "SUSE Bug 1231844 for CVE-2024-9264",
"url": "https://bugzilla.suse.com/1231844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "critical"
}
],
"title": "CVE-2024-9264"
},
{
"cve": "CVE-2024-9476",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-9476"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in Grafana Labs Grafana OSS and Enterprise allows Privilege Escalation allows users to gain access to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant.This vulnerability will only affect users who utilize the Organizations feature to isolate resources on their Grafana instance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-9476",
"url": "https://www.suse.com/security/cve/CVE-2024-9476"
},
{
"category": "external",
"summary": "SUSE Bug 1233343 for CVE-2024-9476",
"url": "https://bugzilla.suse.com/1233343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-9476"
},
{
"cve": "CVE-2025-11065",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-11065"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-11065",
"url": "https://www.suse.com/security/cve/CVE-2025-11065"
},
{
"category": "external",
"summary": "SUSE Bug 1250608 for CVE-2025-11065",
"url": "https://bugzilla.suse.com/1250608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-11065"
},
{
"cve": "CVE-2025-21613",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21613"
}
],
"notes": [
{
"category": "general",
"text": "go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21613",
"url": "https://www.suse.com/security/cve/CVE-2025-21613"
},
{
"category": "external",
"summary": "SUSE Bug 1235572 for CVE-2025-21613",
"url": "https://bugzilla.suse.com/1235572"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "important"
}
],
"title": "CVE-2025-21613"
},
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
},
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
},
{
"cve": "CVE-2025-2703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-2703"
}
],
"notes": [
{
"category": "general",
"text": "The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. \n\nA user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-2703",
"url": "https://www.suse.com/security/cve/CVE-2025-2703"
},
{
"category": "external",
"summary": "SUSE Bug 1241687 for CVE-2025-2703",
"url": "https://bugzilla.suse.com/1241687"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-2703"
},
{
"cve": "CVE-2025-27144",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27144"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27144",
"url": "https://www.suse.com/security/cve/CVE-2025-27144"
},
{
"category": "external",
"summary": "SUSE Bug 1237608 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237608"
},
{
"category": "external",
"summary": "SUSE Bug 1237609 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "important"
}
],
"title": "CVE-2025-27144"
},
{
"cve": "CVE-2025-29923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-29923"
}
],
"notes": [
{
"category": "general",
"text": "go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when `CLIENT SETINFO` times out during connection establishment. This can happen when the client is configured to transmit its identity, there are network connectivity issues, or the client was configured with aggressive timeouts. The problem occurs for multiple use cases. For sticky connections, you receive persistent out-of-order responses for the lifetime of the connection. All commands in the pipeline receive incorrect responses. When used with the default ConnPool once a connection is returned after use with ConnPool#Put the read buffer will be checked and the connection will be marked as bad due to the unread data. This means that at most one out-of-order response before the connection is discarded. This issue is fixed in 9.5.5, 9.6.3, and 9.7.3. You can prevent the vulnerability by setting the flag DisableIndentity to true when constructing the client instance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-29923",
"url": "https://www.suse.com/security/cve/CVE-2025-29923"
},
{
"category": "external",
"summary": "SUSE Bug 1241152 for CVE-2025-29923",
"url": "https://bugzilla.suse.com/1241152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "low"
}
],
"title": "CVE-2025-29923"
},
{
"cve": "CVE-2025-3415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3415"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. \nFixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 and 12.0.1+security-01",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3415",
"url": "https://www.suse.com/security/cve/CVE-2025-3415"
},
{
"category": "external",
"summary": "SUSE Bug 1245302 for CVE-2025-3415",
"url": "https://bugzilla.suse.com/1245302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-3415"
},
{
"cve": "CVE-2025-3454",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3454"
}
],
"notes": [
{
"category": "general",
"text": "This vulnerability in Grafana\u0027s datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path.\n\nUsers with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources.\n\nThe issue primarily affects datasources that implement route-specific permissions, including Alertmanager and certain Prometheus-based datasources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3454",
"url": "https://www.suse.com/security/cve/CVE-2025-3454"
},
{
"category": "external",
"summary": "SUSE Bug 1241683 for CVE-2025-3454",
"url": "https://bugzilla.suse.com/1241683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-3454"
},
{
"cve": "CVE-2025-3580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3580"
}
],
"notes": [
{
"category": "general",
"text": "An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint.\n\nThe vulnerability can be exploited when:\n\n1. An Organization administrator exists\n\n2. The Server administrator is either:\n\n - Not part of any organization, or\n - Part of the same organization as the Organization administrator\nImpact:\n\n- Organization administrators can permanently delete Server administrator accounts\n\n- If the only Server administrator is deleted, the Grafana instance becomes unmanageable\n\n- No super-user permissions remain in the system\n\n- Affects all users, organizations, and teams managed in the instance\n\nThe vulnerability is particularly serious as it can lead to a complete loss of administrative control over the Grafana instance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3580",
"url": "https://www.suse.com/security/cve/CVE-2025-3580"
},
{
"category": "external",
"summary": "SUSE Bug 1243672 for CVE-2025-3580",
"url": "https://bugzilla.suse.com/1243672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-3580"
},
{
"cve": "CVE-2025-4123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4123"
}
],
"notes": [
{
"category": "general",
"text": "A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.\n\nThe default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4123",
"url": "https://www.suse.com/security/cve/CVE-2025-4123"
},
{
"category": "external",
"summary": "SUSE Bug 1243714 for CVE-2025-4123",
"url": "https://bugzilla.suse.com/1243714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "important"
}
],
"title": "CVE-2025-4123"
},
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
},
{
"cve": "CVE-2025-6023",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6023"
}
],
"notes": [
{
"category": "general",
"text": "An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0.\n\nThe open redirect can be chained with path traversal vulnerabilities to achieve XSS.\n\nFixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6023",
"url": "https://www.suse.com/security/cve/CVE-2025-6023"
},
{
"category": "external",
"summary": "SUSE Bug 1246735 for CVE-2025-6023",
"url": "https://bugzilla.suse.com/1246735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "important"
}
],
"title": "CVE-2025-6023"
},
{
"cve": "CVE-2025-6197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6197"
}
],
"notes": [
{
"category": "general",
"text": "An open redirect vulnerability has been identified in Grafana OSS organization switching functionality.\n\n\nPrerequisites for exploitation:\n\n- Multiple organizations must exist in the Grafana instance\n\n- Victim must be on a different organization than the one specified in the URL",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6197",
"url": "https://www.suse.com/security/cve/CVE-2025-6197"
},
{
"category": "external",
"summary": "SUSE Bug 1246736 for CVE-2025-6197",
"url": "https://bugzilla.suse.com/1246736"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-6197"
},
{
"cve": "CVE-2025-64751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64751"
}
],
"notes": [
{
"category": "general",
"text": "OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 to v1.11.0 ( openfga-0.1.34 \u003c= Helm chart \u003c= openfga-0.2.48, v.1.4.0 \u003c= docker \u003c= v.1.11.0) are vulnerable to improper policy enforcement when certain Check and ListObject calls are executed. This issue has been patched in version 1.11.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64751",
"url": "https://www.suse.com/security/cve/CVE-2025-64751"
},
{
"category": "external",
"summary": "SUSE Bug 1254112 for CVE-2025-64751",
"url": "https://bugzilla.suse.com/1254112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "important"
}
],
"title": "CVE-2025-64751"
},
{
"cve": "CVE-2025-68156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68156"
}
],
"notes": [
{
"category": "general",
"text": "Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the\nevaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data structures can lead to a process-level crash due to stack exhaustion. This issue is most relevant in scenarios where Expr is used to evaluate expressions against externally supplied or dynamically constructed environments; cyclic references (directly or indirectly) can be introduced into arrays, maps, or structs; and there are no application-level safeguards preventing deeply nested input data. In typical use cases with controlled, acyclic data, the issue may not manifest. However, when present, the resulting panic can be used to reliably crash the application, constituting a denial of service. The issue has been fixed in the v1.17.7 versions of Expr. The patch introduces a maximum recursion depth limit for affected builtin functions. When this limit is exceeded, evaluation aborts gracefully and returns a descriptive error instead of panicking. Additionally, the maximum depth can be customized by users via `builtin.MaxDepth`, allowing applications with legitimate deep structures to raise the limit in a controlled manner. Users are strongly encouraged to upgrade to the patched release, which includes both the recursion guard and comprehensive test coverage to prevent regressions. For users who cannot immediately upgrade, some mitigations are recommended. Ensure that evaluation environments cannot contain cyclic references, validate or sanitize externally supplied data structures before passing them to Expr, and/or wrap expression evaluation with panic recovery to prevent a full process crash (as a last-resort defensive measure). These workarounds reduce risk but do not fully eliminate the issue without the patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68156",
"url": "https://www.suse.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "SUSE Bug 1255330 for CVE-2025-68156",
"url": "https://bugzilla.suse.com/1255330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "important"
}
],
"title": "CVE-2025-68156"
},
{
"cve": "CVE-2026-21720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21720"
}
],
"notes": [
{
"category": "general",
"text": "Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel. Sustained traffic with random hashes keeps tripping this timeout, so goroutine count grows linearly, eventually exhausting memory and causing Grafana to crash on some systems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21720",
"url": "https://www.suse.com/security/cve/CVE-2026-21720"
},
{
"category": "external",
"summary": "SUSE Bug 1257349 for CVE-2026-21720",
"url": "https://bugzilla.suse.com/1257349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "important"
}
],
"title": "CVE-2026-21720"
},
{
"cve": "CVE-2026-21721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21721"
}
],
"notes": [
{
"category": "general",
"text": "The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization-internal privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21721",
"url": "https://www.suse.com/security/cve/CVE-2026-21721"
},
{
"category": "external",
"summary": "SUSE Bug 1257337 for CVE-2026-21721",
"url": "https://bugzilla.suse.com/1257337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "important"
}
],
"title": "CVE-2026-21721"
},
{
"cve": "CVE-2026-21722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21722"
}
],
"notes": [
{
"category": "general",
"text": "Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange.\n\nThis did not leak any annotations that would not otherwise be visible on the public dashboard.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21722",
"url": "https://www.suse.com/security/cve/CVE-2026-21722"
},
{
"category": "external",
"summary": "SUSE Bug 1258136 for CVE-2026-21722",
"url": "https://bugzilla.suse.com/1258136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.aarch64",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.s390x",
"openSUSE Leap 16.0:grafana-11.6.11-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-29T16:12:10Z",
"details": "moderate"
}
],
"title": "CVE-2026-21722"
}
]
}
RHSA-2026:2571
Vulnerability from csaf_redhat - Published: 2026-02-11 15:58 - Updated: 2026-06-23 17:47Summary
Red Hat Security Advisory: multicluster engine for Kubernetes v2.9.2 security update
Severity
Important
Notes
Topic: The multicluster engine for Kubernetes 2.9 General Availability release images,
which add new features and enhancements, bug fixes, and updated container images.
Details: The multicluster engine for Kubernetes v2.9 images
The multicluster engine for Kubernetes provides the foundational components
that are necessary for the centralized management of multiple
Kubernetes-based clusters across data centers, public clouds, and private
clouds.
You can use the engine to create new Red Hat OpenShift Container Platform
clusters or to bring existing Kubernetes-based clusters under management by
importing them. After the clusters are managed, you can use the APIs that
are provided by the engine to distribute configuration based on placement
policy.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.
7.0 (High)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:cc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:e7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:a6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:bf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:d23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80_amd64 | — |
Vendor Fix
fix
|
Known not affected
104 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:bcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:cc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:de69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:e4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:a498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:fd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:e9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:c39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:e0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:b2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:adfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:d9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:a86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:a3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:d0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:eafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:a3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:b95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:ced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:e20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:e6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:b8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:fd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:a6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:d69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:ba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:cd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:e448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:b7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:bdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:cc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:dc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:fea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:c8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:aba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:bb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:f9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.
7.5 (High)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:a3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:dc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:aba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:bb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:f9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
104 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:bcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:cc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:de69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:e4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:a498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:fd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:e9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:c39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:e0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:b2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:adfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:d9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:cc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:e7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:a6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:a86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:bf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:d0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:eafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:a3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:b95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:ced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:e20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:e6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:b8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:fd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:a6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:d69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:ba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:cd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:e448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:b7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:bdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:cc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:fea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:d23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:c8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) in an exposed go application if an attacker provides specially crafted HTML content.
4.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:b95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
116 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:bcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:cc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:de69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:e4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:a498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:fd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:e9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:c39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:e0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:b2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:adfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:d9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:cc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:e7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:a6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:a86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:a3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:bf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:d0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:eafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:a3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:ced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:e20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:e6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:b8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:fd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:a6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:d69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:ba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:cd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:e448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:b7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:bdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:cc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:dc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:fea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:d23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:c8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:aba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:bb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:f9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
7.5 (High)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:b2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:a6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:d69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc_ppc64le | — |
Vendor Fix
fix
|
Known not affected
112 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:bcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:cc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:de69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:e4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:a498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:fd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:e9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:c39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:e0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:adfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:d9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:cc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:e7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:a6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:a86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:a3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:bf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:d0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:eafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:a3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:b95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:ced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:e20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:e6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:b8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:fd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:ba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:cd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:e448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:b7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:bdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:cc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:dc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:fea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:d23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:c8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0_amd64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1_arm64 | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:aba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d_ppc64le | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:bb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0_s390x | — | ||
| Unresolved product id: multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:f9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823_amd64 | — |
Threats
Impact
Important
References
39 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The multicluster engine for Kubernetes 2.9 General Availability release images,\nwhich add new features and enhancements, bug fixes, and updated container images.",
"title": "Topic"
},
{
"category": "general",
"text": "The multicluster engine for Kubernetes v2.9 images\n\nThe multicluster engine for Kubernetes provides the foundational components\nthat are necessary for the centralized management of multiple\nKubernetes-based clusters across data centers, public clouds, and private\nclouds.\n\nYou can use the engine to create new Red Hat OpenShift Container Platform\nclusters or to bring existing Kubernetes-based clusters under management by\nimporting them. After the clusters are managed, you can use the APIs that\nare provided by the engine to distribute configuration based on placement\npolicy.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2571",
"url": "https://access.redhat.com/errata/RHSA-2026:2571"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47907",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58190",
"url": "https://access.redhat.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2571.json"
}
],
"title": "Red Hat Security Advisory: multicluster engine for Kubernetes v2.9.2 security update",
"tracking": {
"current_release_date": "2026-06-23T17:47:27+00:00",
"generator": {
"date": "2026-06-23T17:47:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:2571",
"initial_release_date": "2026-02-11T15:58:30+00:00",
"revision_history": [
{
"date": "2026-02-11T15:58:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-11T15:58:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-23T17:47:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "multicluster engine for Kubernetes 2.9",
"product": {
"name": "multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:multicluster_engine:2.9::el9"
}
}
}
],
"category": "product_family",
"name": "multicluster engine for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:cc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:cc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272_amd64",
"product_id": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:cc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272_amd64",
"product_identification_helper": {
"purl": "pkg:oci/addon-manager-rhel9@sha256%3Acc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769693820"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:fea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:fea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef_amd64",
"product_id": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:fea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel9@sha256%3Afea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770594104"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:a498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:a498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614_amd64",
"product_id": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:a498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614_amd64",
"product_identification_helper": {
"purl": "pkg:oci/backplane-rhel9-operator@sha256%3Aa498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770302751"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78_amd64",
"product_id": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-api-provider-agent-rhel9@sha256%3A4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770104648"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:adfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:adfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3_amd64",
"product_id": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:adfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-api-provider-kubevirt-rhel9@sha256%3Aadfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770190066"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1_amd64",
"product_id": "registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/capoa-bootstrap-rhel9@sha256%3A6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770710226"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8_amd64",
"product_id": "registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/capoa-control-plane-rhel9@sha256%3A7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770710226"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:b7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:b7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711_amd64",
"product_id": "registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:b7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mce-capi-webhook-config-rhel9@sha256%3Ab7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770667801"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:cc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:cc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728_amd64",
"product_id": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:cc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-curator-controller-rhel9@sha256%3Acc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769895731"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:a6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:a6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4_amd64",
"product_id": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:a6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-image-set-controller-rhel9@sha256%3Aa6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769721748"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957_amd64",
"product_id": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-proxy-addon-rhel9@sha256%3A60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770364471"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:a3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:a3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104_amd64",
"product_id": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:a3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-proxy-rhel9@sha256%3Aa3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769752462"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00_amd64",
"product_id": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clusterclaims-controller-rhel9@sha256%3Aa9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769806916"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:d0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:d0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a_amd64",
"product_id": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:d0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clusterlifecycle-state-metrics-rhel9@sha256%3Ad0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770680860"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6_amd64",
"product_id": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/console-mce-rhel9@sha256%3A0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769990869"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba_amd64",
"product_id": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-rhel9@sha256%3A0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770059015"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:b95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:b95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb_amd64",
"product_id": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:b95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hive-rhel9@sha256%3Ab95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770693331"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:ced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:ced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762_amd64",
"product_id": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:ced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hypershift-addon-rhel9-operator@sha256%3Aced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770161940"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db_amd64",
"product_id": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hypershift-cli-rhel9@sha256%3A371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770161903"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:e6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:e6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4_amd64",
"product_id": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:e6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hypershift-rhel9-operator@sha256%3Ae6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770161899"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:b8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:b8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7_amd64",
"product_id": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:b8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/image-based-install-rhel9@sha256%3Ab8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770290544"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:a6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:a6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220_amd64",
"product_id": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:a6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kube-rbac-proxy-mce-rhel9@sha256%3Aa6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770039904"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86_amd64",
"product_id": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86_amd64",
"product_identification_helper": {
"purl": "pkg:oci/managed-serviceaccount-rhel9@sha256%3A572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770680575"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:e448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:e448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8_amd64",
"product_id": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:e448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/managedcluster-import-controller-rhel9@sha256%3Ae448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769844051"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:dc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:dc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68_amd64",
"product_id": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:dc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicloud-manager-rhel9@sha256%3Adc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769744081"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6_amd64",
"product_id": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/placement-rhel9@sha256%3A6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769693820"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:d23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:d23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80_amd64",
"product_id": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:d23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80_amd64",
"product_identification_helper": {
"purl": "pkg:oci/provider-credential-controller-rhel9@sha256%3Ad23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770161905"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0_amd64",
"product_id": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/registration-rhel9@sha256%3A05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769693823"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc_amd64",
"product_id": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/registration-operator-rhel9@sha256%3A8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769693820"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:f9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:f9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823_amd64",
"product_id": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:f9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823_amd64",
"product_identification_helper": {
"purl": "pkg:oci/work-rhel9@sha256%3Af9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769693824"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:e4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:e4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d_arm64",
"product_id": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:e4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/addon-manager-rhel9@sha256%3Ae4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769693820"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10_arm64",
"product_id": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10_arm64",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel9@sha256%3A4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770594104"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98_arm64",
"product_id": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98_arm64",
"product_identification_helper": {
"purl": "pkg:oci/backplane-rhel9-operator@sha256%3A10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770302751"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:b2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:b2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c_arm64",
"product_id": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:b2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-api-provider-agent-rhel9@sha256%3Ab2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770104648"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:d9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:d9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698_arm64",
"product_id": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:d9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-api-provider-kubevirt-rhel9@sha256%3Ad9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770190066"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3_arm64",
"product_id": "registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/capoa-bootstrap-rhel9@sha256%3A4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770710226"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:c39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:c39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001_arm64",
"product_id": "registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:c39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001_arm64",
"product_identification_helper": {
"purl": "pkg:oci/capoa-control-plane-rhel9@sha256%3Ac39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770710226"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:cc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:cc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb_arm64",
"product_id": "registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:cc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mce-capi-webhook-config-rhel9@sha256%3Acc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770667801"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:e7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:e7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90_arm64",
"product_id": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:e7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-curator-controller-rhel9@sha256%3Ae7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769895731"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915_arm64",
"product_id": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-image-set-controller-rhel9@sha256%3A0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769721748"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a_arm64",
"product_id": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-proxy-addon-rhel9@sha256%3Ad0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770364471"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4_arm64",
"product_id": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-proxy-rhel9@sha256%3A84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769752462"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14_arm64",
"product_id": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clusterclaims-controller-rhel9@sha256%3Aa53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769806916"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972_arm64",
"product_id": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clusterlifecycle-state-metrics-rhel9@sha256%3A4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770680860"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4_arm64",
"product_id": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/console-mce-rhel9@sha256%3A2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769990869"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7_arm64",
"product_id": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-rhel9@sha256%3A32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770059015"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1_arm64",
"product_id": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hive-rhel9@sha256%3A44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770693331"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea_arm64",
"product_id": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hypershift-addon-rhel9-operator@sha256%3A661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770161940"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:e20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:e20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94_arm64",
"product_id": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:e20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hypershift-cli-rhel9@sha256%3Ae20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770161903"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c_arm64",
"product_id": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hypershift-rhel9-operator@sha256%3A7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770161899"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a_arm64",
"product_id": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/image-based-install-rhel9@sha256%3A1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770290544"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572_arm64",
"product_id": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kube-rbac-proxy-mce-rhel9@sha256%3A47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770039904"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983_arm64",
"product_id": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983_arm64",
"product_identification_helper": {
"purl": "pkg:oci/managed-serviceaccount-rhel9@sha256%3A9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770680575"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:ba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:ba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263_arm64",
"product_id": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:ba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263_arm64",
"product_identification_helper": {
"purl": "pkg:oci/managedcluster-import-controller-rhel9@sha256%3Aba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769844051"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb_arm64",
"product_id": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicloud-manager-rhel9@sha256%3A5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769744081"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547_arm64",
"product_id": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547_arm64",
"product_identification_helper": {
"purl": "pkg:oci/placement-rhel9@sha256%3A4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769693820"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4_arm64",
"product_id": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/provider-credential-controller-rhel9@sha256%3A62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770161905"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7_arm64",
"product_id": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/registration-rhel9@sha256%3A1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769693823"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31_arm64",
"product_id": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31_arm64",
"product_identification_helper": {
"purl": "pkg:oci/registration-operator-rhel9@sha256%3A9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769693820"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1_arm64",
"product_id": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/work-rhel9@sha256%3A244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769693824"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:bcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:bcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:bcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/addon-manager-rhel9@sha256%3Abcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769693820"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel9@sha256%3A93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770594104"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:fd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:fd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:fd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/backplane-rhel9-operator@sha256%3Afd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770302751"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-api-provider-agent-rhel9@sha256%3A01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770104648"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-api-provider-kubevirt-rhel9@sha256%3A9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770190066"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/capoa-bootstrap-rhel9@sha256%3A0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770710226"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/capoa-control-plane-rhel9@sha256%3A8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770710226"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mce-capi-webhook-config-rhel9@sha256%3A1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770667801"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-curator-controller-rhel9@sha256%3A437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769895731"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-image-set-controller-rhel9@sha256%3A58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769721748"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:a86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:a86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:a86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-proxy-addon-rhel9@sha256%3Aa86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770364471"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-proxy-rhel9@sha256%3A5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769752462"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clusterclaims-controller-rhel9@sha256%3A2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769806916"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clusterlifecycle-state-metrics-rhel9@sha256%3A684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770680860"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:eafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:eafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:eafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/console-mce-rhel9@sha256%3Aeafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769990869"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/discovery-rhel9@sha256%3A65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770059015"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/hive-rhel9@sha256%3A8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770693331"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/hypershift-addon-rhel9-operator@sha256%3Ae374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770161940"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/hypershift-cli-rhel9@sha256%3A27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770161903"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/hypershift-rhel9-operator@sha256%3A85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770161899"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/image-based-install-rhel9@sha256%3A5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770290544"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kube-rbac-proxy-mce-rhel9@sha256%3Ae04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770039904"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/managed-serviceaccount-rhel9@sha256%3A1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770680575"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/managedcluster-import-controller-rhel9@sha256%3A2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769844051"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicloud-manager-rhel9@sha256%3A8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769744081"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/placement-rhel9@sha256%3A4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769693820"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/provider-credential-controller-rhel9@sha256%3Acfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770161905"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/registration-rhel9@sha256%3Acc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769693823"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/registration-operator-rhel9@sha256%3A2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769693820"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:aba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:aba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:aba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/work-rhel9@sha256%3Aaba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769693824"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:de69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:de69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96_s390x",
"product_id": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:de69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96_s390x",
"product_identification_helper": {
"purl": "pkg:oci/addon-manager-rhel9@sha256%3Ade69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769693820"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f_s390x",
"product_id": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel9@sha256%3A4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770594104"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d_s390x",
"product_id": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/backplane-rhel9-operator@sha256%3A31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770302751"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d_s390x",
"product_id": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-api-provider-agent-rhel9@sha256%3Ae5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770104648"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2_s390x",
"product_id": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-api-provider-kubevirt-rhel9@sha256%3A8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770190066"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:e9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:e9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b_s390x",
"product_id": "registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:e9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/capoa-bootstrap-rhel9@sha256%3Ae9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770710226"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:e0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:e0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e_s390x",
"product_id": "registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:e0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/capoa-control-plane-rhel9@sha256%3Ae0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770710226"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:bdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:bdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695_s390x",
"product_id": "registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:bdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mce-capi-webhook-config-rhel9@sha256%3Abdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770667801"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448_s390x",
"product_id": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-curator-controller-rhel9@sha256%3A0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769895731"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87_s390x",
"product_id": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-image-set-controller-rhel9@sha256%3A3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769721748"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5_s390x",
"product_id": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-proxy-addon-rhel9@sha256%3A2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770364471"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7_s390x",
"product_id": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-proxy-rhel9@sha256%3A63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769752462"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:bf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:bf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c_s390x",
"product_id": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:bf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clusterclaims-controller-rhel9@sha256%3Abf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769806916"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06_s390x",
"product_id": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clusterlifecycle-state-metrics-rhel9@sha256%3A8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770680860"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113_s390x",
"product_id": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113_s390x",
"product_identification_helper": {
"purl": "pkg:oci/console-mce-rhel9@sha256%3A40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769990869"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:a3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:a3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2_s390x",
"product_id": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:a3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/discovery-rhel9@sha256%3Aa3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770059015"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de_s390x",
"product_id": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de_s390x",
"product_identification_helper": {
"purl": "pkg:oci/hive-rhel9@sha256%3A0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770693331"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c_s390x",
"product_id": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/hypershift-addon-rhel9-operator@sha256%3A9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770161940"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9_s390x",
"product_id": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/hypershift-cli-rhel9@sha256%3A568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770161903"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663_s390x",
"product_id": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663_s390x",
"product_identification_helper": {
"purl": "pkg:oci/hypershift-rhel9-operator@sha256%3A89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770161899"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:fd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:fd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608_s390x",
"product_id": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:fd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608_s390x",
"product_identification_helper": {
"purl": "pkg:oci/image-based-install-rhel9@sha256%3Afd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770290544"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:d69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:d69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2_s390x",
"product_id": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:d69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kube-rbac-proxy-mce-rhel9@sha256%3Ad69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770039904"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa_s390x",
"product_id": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa_s390x",
"product_identification_helper": {
"purl": "pkg:oci/managed-serviceaccount-rhel9@sha256%3A736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770680575"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:cd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:cd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d_s390x",
"product_id": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:cd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/managedcluster-import-controller-rhel9@sha256%3Acd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769844051"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c_s390x",
"product_id": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicloud-manager-rhel9@sha256%3A2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769744081"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1_s390x",
"product_id": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/placement-rhel9@sha256%3A2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769693820"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6_s390x",
"product_id": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/provider-credential-controller-rhel9@sha256%3A3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1770161905"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2_s390x",
"product_id": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/registration-rhel9@sha256%3A1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769693823"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:c8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:c8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007_s390x",
"product_id": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:c8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007_s390x",
"product_identification_helper": {
"purl": "pkg:oci/registration-operator-rhel9@sha256%3Ac8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769693820"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:bb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:bb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0_s390x",
"product_id": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:bb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/work-rhel9@sha256%3Abb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1769693824"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:bcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:bcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:bcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:cc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:cc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:cc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:de69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:de69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:de69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:e4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:e4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:e4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:a498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:a498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:a498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:fd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:fd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:fd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:e9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:e9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:e9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:c39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:c39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:c39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:e0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:e0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:e0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:b2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:b2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:b2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:adfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:adfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:adfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:d9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:d9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:d9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:cc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:cc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:cc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:e7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:e7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:e7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:a6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:a6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:a6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:a86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:a86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:a86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:a3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:a3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:a3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:bf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:bf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:bf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:d0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:d0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:d0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:eafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:eafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:eafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:a3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:a3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:a3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:b95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:b95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:b95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:ced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:ced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:ced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:e20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:e20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:e20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:e6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:e6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:e6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:b8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:b8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:b8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:fd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:fd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:fd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:a6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:a6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:a6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:d69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:d69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:d69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:ba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:ba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:ba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:cd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:cd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:cd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:e448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:e448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:e448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:b7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:b7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:b7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:bdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:bdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:bdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:cc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:cc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:cc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:dc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:dc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:dc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:fea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:fea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:fea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:d23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:d23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:d23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:c8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:c8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:c8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1_arm64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:aba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d_ppc64le as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:aba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:aba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:bb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0_s390x as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:bb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:bb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:f9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823_amd64 as a component of multicluster engine for Kubernetes 2.9",
"product_id": "multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:f9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:f9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47907",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2025-08-07T16:01:06.247481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:bcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:cc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:de69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:e4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:a498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:fd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:e9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:c39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:e0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:b2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:adfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:d9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:a86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:a3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:d0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:eafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:a3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:b95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:ced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:e20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:e6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:b8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:fd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:a6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:d69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:ba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:cd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:e448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:b7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:bdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:cc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:dc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:fea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:c8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:aba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:bb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:f9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2387083"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "database/sql: Postgres Scan Race Condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Moderate severity issues rather than Important. The os/exec LookPath flaw requires a misconfigured PATH to be exploitable, and the database/sql race condition primarily impacts applications that cancel queries while running multiple queries concurrently. Both can cause unexpected behavior, but the exploitation scope is limited and unlikely to result in direct compromise in most typical deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:cc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:e7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:a6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:bf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:d23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80_amd64"
],
"known_not_affected": [
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:bcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:cc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:de69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:e4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:a498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:fd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:e9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:c39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:e0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:b2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:adfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:d9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:a86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:a3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:d0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:eafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:a3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:b95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:ced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:e20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:e6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:b8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:fd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:a6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:d69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:ba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:cd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:e448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:b7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:bdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:cc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:dc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:fea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:c8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:aba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:bb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:f9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "RHBZ#2387083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://go.dev/cl/693735",
"url": "https://go.dev/cl/693735"
},
{
"category": "external",
"summary": "https://go.dev/issue/74831",
"url": "https://go.dev/issue/74831"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
"url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3849",
"url": "https://pkg.go.dev/vuln/GO-2025-3849"
}
],
"release_date": "2025-08-07T15:25:30.704000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T15:58:30+00:00",
"details": "For multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/clusters/cluster_mce_overview#mce-install-intro",
"product_ids": [
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:cc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:e7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:a6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:bf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:d23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2571"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:bcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:cc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:de69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:e4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:a498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:fd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:e9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:c39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:e0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:b2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:adfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:d9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:cc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:e7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:a6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:a86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:a3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:bf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:d0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:eafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:a3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:b95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:ced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:e20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:e6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:b8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:fd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:a6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:d69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:ba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:cd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:e448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:b7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:bdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:cc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:dc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:fea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:d23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:c8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:aba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:bb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:f9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "database/sql: Postgres Scan Race Condition"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:bcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:cc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:de69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:e4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:a498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:fd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:e9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:c39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:e0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:b2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:adfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:d9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:cc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:e7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:a6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:a86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:bf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:d0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:eafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:a3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:b95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:ced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:e20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:e6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:b8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:fd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:a6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:d69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:ba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:cd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:e448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:b7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:bdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:cc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:fea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:d23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:c8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:a3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:dc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:aba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:bb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:f9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823_amd64"
],
"known_not_affected": [
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:bcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:cc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:de69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:e4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:a498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:fd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:e9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:c39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:e0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:b2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:adfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:d9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:cc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:e7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:a6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:a86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:bf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:d0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:eafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:a3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:b95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:ced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:e20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:e6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:b8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:fd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:a6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:d69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:ba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:cd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:e448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:b7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:bdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:cc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:fea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:d23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:c8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T15:58:30+00:00",
"details": "For multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/clusters/cluster_mce_overview#mce-install-intro",
"product_ids": [
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:a3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:dc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:aba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:bb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:f9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2571"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:bcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:cc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:de69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:e4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:a498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:fd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:e9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:c39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:e0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:b2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:adfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:d9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:cc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:e7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:a6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:a86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:a3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:bf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:d0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:eafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:a3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:b95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:ced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:e20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:e6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:b8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:fd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:a6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:d69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:ba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:cd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:e448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:b7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:bdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:cc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:dc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:fea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:d23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:c8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:aba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:bb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:f9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:bcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:cc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:de69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:e4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:a498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:fd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:e9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:c39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:e0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:b2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:adfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:d9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:cc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:e7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:a6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:a86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:a3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:bf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:d0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:eafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:a3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:b95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:ced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:e20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:e6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:b8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:fd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:a6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:d69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:ba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:cd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:e448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:b7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:bdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:cc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:dc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:fea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:d23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:c8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:aba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:bb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:f9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-58190",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-02-05T18:01:26.511908+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:bcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:cc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:de69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:e4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:a498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:fd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:e9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:c39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:e0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:b2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:adfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:d9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:cc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:e7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:a6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:a86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:a3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:bf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:d0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:eafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:a3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:ced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:e20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:e6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:b8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:fd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:a6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:d69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:ba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:cd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:e448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:b7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:bdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:cc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:dc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:fea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:d23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:c8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:aba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:bb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:f9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437110"
}
],
"notes": [
{
"category": "description",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) in an exposed go application if an attacker provides specially crafted HTML content.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Infinite parsing loop in golang.org/x/net",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:b95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb_amd64"
],
"known_not_affected": [
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:bcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:cc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:de69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:e4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:a498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:fd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:e9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:c39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:e0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:b2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:adfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:d9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:cc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:e7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:a6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:a86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:a3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:bf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:d0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:eafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:a3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:ced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:e20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:e6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:b8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:fd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:a6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:d69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:ba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:cd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:e448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:b7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:bdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:cc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:dc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:fea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:d23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:c8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:aba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:bb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:f9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "RHBZ#2437110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58190"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4441",
"url": "https://github.com/golang/vulndb/issues/4441"
},
{
"category": "external",
"summary": "https://go.dev/cl/709875",
"url": "https://go.dev/cl/709875"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c",
"url": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4441",
"url": "https://pkg.go.dev/vuln/GO-2026-4441"
}
],
"release_date": "2026-02-05T17:48:44.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T15:58:30+00:00",
"details": "For multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/clusters/cluster_mce_overview#mce-install-intro",
"product_ids": [
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:b95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2571"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:bcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:cc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:de69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:e4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:a498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:fd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:e9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:c39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:e0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:b2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:adfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:d9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:cc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:e7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:a6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:a86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:a3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:bf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:d0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:eafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:a3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:b95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:ced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:e20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:e6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:b8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:fd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:a6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:d69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:ba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:cd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:e448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:b7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:bdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:cc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:dc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:fea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:d23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:c8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:aba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:bb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:f9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:bcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:cc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:de69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:e4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:a498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:fd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:e9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:c39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:e0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:b2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:adfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:d9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:cc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:e7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:a6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:a86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:a3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:bf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:d0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:eafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:a3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:b95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:ced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:e20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:e6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:b8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:fd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:a6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:d69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:ba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:cd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:e448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:b7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:bdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:cc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:dc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:fea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:d23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:c8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:aba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:bb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:f9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/html: Infinite parsing loop in golang.org/x/net"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:bcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:cc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:de69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:e4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:a498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:fd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:e9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:c39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:e0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:adfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:d9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:cc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:e7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:a6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:a86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:a3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:bf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:d0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:eafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:a3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:b95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:ced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:e20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:e6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:b8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:fd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:ba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:cd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:e448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:b7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:bdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:cc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:dc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:fea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:d23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:c8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:aba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:bb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:f9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:b2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:a6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:d69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc_ppc64le"
],
"known_not_affected": [
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:bcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:cc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:de69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:e4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:a498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:fd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:e9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:c39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:e0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:adfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:d9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:cc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:e7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:a6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:a86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:a3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:bf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:d0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:eafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:a3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:b95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:ced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:e20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:e6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:b8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:fd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:ba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:cd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:e448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:b7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:bdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:cc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:dc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:fea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:d23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:c8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:aba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:bb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:f9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T15:58:30+00:00",
"details": "For multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/clusters/cluster_mce_overview#mce-install-intro",
"product_ids": [
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:b2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:a6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:d69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2571"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:bcf5e63aba5e78b6a41dadcf73b70dc9940380c232cc2931b5da3ddfe2ecf8fc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:cc10845b259f7ac1cae5b254e090d52fb9278c89d07b0b7d44a8f6f704ec6272_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:de69593578d899842a0e98781f9c3d58338ee0925fa0b6243aedbb569a64cd96_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:e4e7e0b3fc069d4746f6584047f8b40cd774b2556f11c2cabb57923a44ef389d_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:10981e0c7a156dbfd3b8cec809c618773f3d7806a2a24c0fb1cda2e93ed6ae98_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:31f187246ac7da245c160b3afc5f1187d82cd2c039f85111a338165407d7d49d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:a498c21c46341a168e51b133e07cd390d7440c3d949ac4107cd829c5b30a4614_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:fd7b341a1e55aec25f6e3221f03d140561be81a230590907dd74fe1a021df006_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:0180391fe4bca530eb5678bf95922d10365b286279b966136b67bf8d83a9a18c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:4ea287235d5dbf2385f4d217690b54cd5ce56820735ae96d66ea03d86d4426c3_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:6eec1cff0d514e343599e9c3ca7b7aa2cbff307a28e45b19364a534be4f89dd1_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-bootstrap-rhel9@sha256:e9d1e97601e8eaea73943489e782482703310d2e8f22a9fa234b640fcacbe64b_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:7b5496adbf0b53964790dbb22c468161e6d873912eacd00b08b955c1314d52a8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:8d86d2d4ac2459d61a1e493603c9eb7a3f0d584ad53aca2af884bf8bb8b30e71_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:c39a384c11e5242dc4b25fdd32813b4ff408b188af76df03e9757796fbc7a001_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/capoa-control-plane-rhel9@sha256:e0137ca5fd87bc47473fc0fc4c619ea794fac6156d84f7f4fbc689fe3328640e_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:01a0a5b524624b960339e6d40bc92eaf666532b7905b8b79a31a0ad512336f20_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:4285f5036dcf7311bc378bbe350dc33759254999de205929de90a9d218d32f78_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:b2f27f77bcbb85c3a57d40c14928a3922877270f4748cb2d03abfc4300f1925c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e5ca54ae610b6fdd062b22d68e04e8c9638a4afe9df3dee7316a09a4a50f929d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:8f10940b7e9f69bb5f5bb40fb4575f24fc8a2f20916615d6af4eff36b0dc24b2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:9e4527837150c9054e9f5eb594d557fb4642b86f1dfd109897ea63b5ff5984dd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:adfeb1a43a5b626519d6c0aee7cd7986d5afd349a4fae37d0e8821667f7fc6d3_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:d9fecb5eebf1127819cf7a3f2c2b63e050cab8864c51d4dbcad4d95921a9b698_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:0bf1c2e7d2204076757c8bbb922e11feacedcefff491bfabf481d4c27f310448_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:437680b6193c0cf77c28cb2124e01a33b7dd51063366c5781aeaf339a840b056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:cc587469525f61858f261cfbf862608aab1509bf3cf5c1e43aea63a19e579728_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:e7dc46d30ae833d7924260391781b20ffc25693073e1a4b60266caa6bd725f90_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:0712ee64942be9d307a5d89d5333a968092a685fa71c88c7eabe1498e2e3a915_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:3b2358f82cbcf6406c86a1ec0f9ccf649dfea143797cd7d112be21c6adfdbf87_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:58d58f838d9fc2ed84635083a00725a47334ee03b8a4282000b69dedddd7a9bd_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:a6950372d2ab44e865938a37f5c2dfdd55bf02cec1575353538dd28b016700f4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:2fdf436e71fee6739ae6fcd450007d76fc3fa43ba203a809f3337f22d9229bd5_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:60751156b9a51d18668dee969963569a998172b0577acaeaecff52970f3c0957_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:a86aa371b54e25d0b38ae06aea67577142b227bea31597493639ec0018391a4b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d0955c18fa4864e073bfb9a61b42261587fc2f5f1b2f29cd0b139be5373b578a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:5e2316240808f561c9ec5b04a57e41776b7efc9a26afa9ae10f7bf7693b30d97_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:63be8363c2915b782cd9fc6007b761bc6d3ac9f77bfc35fae1c55c00974058f7_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:84d99fc9411e1a8d409d8c6bcd345cfdfee5c5986d6489a2633ffc7d4ad496b4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:a3f0cde47e922823ca537e0de8c7ddfed7422be5282e137e4db04d4e3c748104_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:2acf15b73b6db09469d53c6317088fc5f633f684f8421cc4a09f52d1056a2bb6_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a53abad37395ec507071b894e51a0086b063a1d1d27e4d029b2d3cfb51bc0d14_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:a9871b54bfa689489d578155adb5a483cab73e202c092619e116e71efb476c00_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:bf6e25c9b7d66fb0c45c0ebdbbd0ee34b7a9e1cff1ac70128ee7e475812bfa7c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:4955d00cb76f1360a80679973e9d53fcf38a57e0220bc8a29728cd0360327972_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:684094906425b67784bb7f10a152cd15e354bd84a2a2d68178000122bd43794d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8794c45c047ad41c71fbd788d35d493a9e4f78c947106391b0f67d3d572b2d06_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:d0dbcb780c8782e3b1d6abda17255bc45ec4fb5d01e29e8cb3b91bfa0a46c55a_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:0a49a64e48aed198f1ead92cd6584bd8b62813dc2621489783b9a62469d7f9e6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:2c17ef74e6ec8ae3a02268e43d9018eefaafc4493f94de3a8ca6a6fc836be6a4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:40a5278bcc8e647aaf16ccca432c4d9bec67ec074569f192420bca529fdaf113_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:eafd28f0dd525e4c11b90d01e686ada9bb6ef9e9097e81608df8c04ed15d513b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:0f47ceec837a12497ee911279b0fba82481e72ee163670a8674630f948d39aba_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:32166ec828cbc58224e236a86bd7439464379272f473bcdcd2ec765f7081a5b7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:65c8b3770f82794d55d269a004948a8e2c54cbd99b09552b4cdb91475baee5a2_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:a3c91540f20f094fee24224bce21018aa671849e7f75aece1bddfb6c945289d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:0b03429102eea10cc0733872bbc946bbfa378966b5d62e32762bd7a59c23e9de_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:44e5c0c8674682d03d564fef5e9f668d4ab71e6f27a64ee1bd7a2cf0c47d0db1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:8422d2c6e47dbb14bc80b03734fd702c57724bf384557e9b9e1a67b85e6b8185_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:b95787f2a384f94f00c84e38c0bd263a9a0f7fff9ce0df5bbd1c265f6812cefb_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:661171f5a869f110ada60973b2c8289d80df4e7e7373e13bdb68bd5f59be91ea_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:9c1f70be52ba4c49de28376802bf2d73fe0a3bc44282ace7606cfb123233da4c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:ced6dbca20663462d35a97ca21836503e9987f29d37896ce8c5fb89650268762_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e374c0aad61fb4a2af3dd0e8310286e45e283dac47c8e766f34cabf1d8cc2563_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:27f2b11d9017cad3af4f872ce382b54492bae329c499f4423c6ef7342522f844_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:371f8ec4475c9af90dbaf1a76a6b1217e195d3c371b0903137df92e8733371db_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:568aee9b50f1b79b0d3edea5e5a4f877ad8fcfe6f3e81e6f3cf049774dfe4bc9_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:e20f2aa3083e6d4100b4a38df9b416ac8b0f6a475fffff9754437fe4697dbd94_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:7d16492d3d30bb614c6155b2a3de1a3cfcd55100c06078c96557831f9c19221c_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:85f7963a86254181a79cd48a98130c4b0cd50abe6d704940dac5958ab9d11863_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:89a50676a19cc0187665f7c06ddd717a37df80c4b0eccb96447380b7ba2db663_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:e6d522327993a91ed50b12745b26db70b5f7b374bb015ef7165ef7c3b59529b4_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:1052d9b0befb2fd315b445ed4ccca0490075fa82d2752f1507f3daba6476d87a_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:5511144641603a3fc4c93ae9d7253ba2fccc55f8806913a4e08ec9f3b919d5c8_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:b8e2d11f40a5a29f0a3fc870dafd8ce6c72e8983f44d5084814b0cc56d410fe7_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:fd3eb25ba4e8baaf13bdebf9a5c70d20d79a642bccd808c8dfbec52b403a2608_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:47265159cef044b5a4086af6506b3ad570d0966d80a5dd0c69d391ced37e2572_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:a6dc13baffa1382bc1316588eba2e63cfc1630d059b3b9ab53dd53c98d135220_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:d69051165ba4538e28097a2caa510ae3bab59223e473eb9286763a0c8e2137d2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e04fa41cee83d89a88fc68bc38aadaa69f9c9f30e9a95f19eba299647e5f99bc_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:1e8efca30bc8130a20834ee0dfeff80a62c4b129c2f849492a62f761a684d105_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:572430d7b231e93613667d049f11ad8c0570f9cda09b1a0d9c9367a31ada8d86_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:736ac64d54c2a12dc2234272862e5a52c283dca3273ed2c95cb73167bdc177fa_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:9c3a0cae8f0998134af791cf690fe6a42783f6caed795c62d67c57ebd849d983_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:2ad0563c640566cc6e55ae741b09cd353cdd8a343931596ed1ce93d49e076667_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:ba5349debff221eb5e47fac02f60c5d664a32b5cf53a654e3e983ef036acb263_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:cd373cc3574546fc2e48a58a3a7e90620494ccb24507337ef1d9a90aaf88d02d_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:e448d52eede5096fdb44b6850905a71959e2f90db6fea1cdd17cca941959a9d8_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:1136c984617f2a3c71a5b451c5de88f06245a9a9c83783c16a6938b6f7272f80_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:b7b9c35577b5a91539597fa90c6187e20cdbad70e8ddc55c8dc80058759be711_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:bdf691c5300034b0331daea8d92f942c3db66aa11fd726d977ae36fec1791695_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/mce-capi-webhook-config-rhel9@sha256:cc46200f1bd3aa621f80fc5535c917318d50084eea265b22fe1b79871184d7bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:2d1bb2935a4c90bf9ca6b22a11a07fcaba002f2020d0ea15b82a7cf4df66713c_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:5d1e7ef39de25f974949e49cbe325783e78071678e30bc3d2311710875dba2bb_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:8b7aa7f81955082085fbf1317ad5d747f4e19ce35c13f17c8f57eb810a1adbf7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:dc0ffee2f8c96c6ee22a2ddb06d14e08149561bab7b4195d08b59f628870af68_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4489ffd456a5d5704dccafc45b523f572f90307e57b8b353f8d8ce4c42706d4f_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:4b6d6e9d9146d9834fb999ee2cbec8c56806d09bce1137bd3869fa125d064f10_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:93147af5126f419ac3fe2a0c95715b76299f27ff642483b2d14b89301367d056_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:fea7a807792063cafdd6196fc68e8f7b693d7f123241c6bd64f4a00050f4a5ef_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:2eb424b36226bec87b5277eea7f5ff288409a49f99c3f60ab795bf39a07af7c1_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4974b49892263b43d379077d1d44ebf579e4da3700043a9c370e52359d852e7b_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:4cafcf98bfde7d9700ea55ef88c183fbf172da5d1bbc57c315df4f0d00591547_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:6f3a3fcf20935e6454baf90004604407c0e205b78d5accc10aefdb03fde0faf6_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:3ec58884225aa63c85639cda97c4d7c57c7ca505c885e9a5bcbbe14bd6fc82c6_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:62fb9dd8ffc2b61de085d39ba2fb0a8192c3634a79b6cf4d9821fdc95efc1fe4_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cfb71cbaeaa7cfa8280e19f89132a8ba8fc2ea84dfb6654975c1176ee1cfac4c_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:d23b6e3b510f387235b042dd3e658caab3a3af7386895a53f0967fd8bca77f80_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2d2159059467f0f9f4eb6550d6fe1739193101d784a3098fce4f25b37f3753a7_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:8839a8851cea3d34dd15274678b6f00a80394308197a877be5505f4af39b62cc_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9133c95a0fefcec77396b1ec04b33024a0e1a3716658de9debeb92a5ffc47f31_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:c8bde9c9afc34300b7193a8b9ad1c103efd8945b350ab007d9ca6d515ac9c007_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:05094b109396ae9f2a5f346602051a7310000d08890540d1fdef3712455f51c0_amd64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b00b82b23fbabbf3dceaca70c0bb583405ef105cbd21037dd992c2461368bd2_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:1b222fa278dcff0824bc0340e27b6182ffc04506e54d99048f5c01c6bc604ad7_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cc032f7a173f50c51872ddbf9a9c17fa51b7fd91cb3e7b8aeba378c2725043de_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:244bd3fa3c960a9eee6d978fe9291d7b112daf2f5516840292fd0298acee5ac1_arm64",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:aba46c2c0e3ab613120a479c75f9dde8c772e7ec24034886371665c5c6b2fa8d_ppc64le",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:bb19a56cdf094216cc7a4398ce76d0e53081a6a1ce6a05af5951ac3099af84e0_s390x",
"multicluster engine for Kubernetes 2.9:registry.redhat.io/multicluster-engine/work-rhel9@sha256:f9c0e9e31a1aeddfefb4f24f7dd70971c1e32d6c4ac99745f81ea63afb526823_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
}
]
}
RHSA-2026:7291
Vulnerability from csaf_redhat - Published: 2026-04-09 11:00 - Updated: 2026-06-23 18:49Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A path traversal vulnerability has been identified in the Go os package affecting the Root abstraction, where improper handling of trailing path separators could allow access to the parent directory of a configured root directory. By supplying a filename ending in "../", an attacker may be able to open the immediate parent directory of the intended Root. Although this escape does not allow traversal to higher-level ancestors or direct access to files within the parent directory, it may expose directory metadata or unintended filesystem structure if the application passes untrusted path input to Root.Open.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A CrossOriginProtection bypass has been discovered in the golang net/http package. When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
5.4 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI (Generic Security Service Application Program Interface) authentication requests to an SSH (Secure Shell) server. The server fails to validate the number of mechanisms specified in these requests, leading to unbounded memory consumption. This can result in a Denial of Service (DoS), making the SSH server unavailable to legitimate users.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A memory exhaustion flaw has been discovered in the golang encoding/asn1 module. Within parseSequenceOf, reflect.MakeSlice is being used to pre-allocate a slice that is needed in order to fully validate the given DER payload. The size of the slice allocated are also multiple times larger than the input DER. As a result, a malicious actor can craft a big empty DER payload, resulting in an unnecessary large allocation of memories. This can be a way to cause memory exhaustion.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A potential denial of service flaw has been discovered in golang's crypto/x509 module. Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A denial of service vector has been discovered in the golang crypto/x509 module. An attacker could craft an intermediate X.509 certificate containing a DSA public key and can crash a remote host with an unauthenticated call to any endpoint that verifies the certificate chain.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
The crypto/tls conn.Handshake method returns an error on the server-side when ALPN negotation fails which can contain arbitrary attacker controlled information provided by the client-side of the connection which is not escaped. This affects programs which log these errors without any additional form of sanitization, and may allow injection of attacker controlled information into logs.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) in an exposed go application if an attacker provides specially crafted HTML content.
4.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A potential denial of service flaw has been discovered in the golang encoding/pem module. Due to the design of the PEM parsing function, the processing time for some inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs and may result in an unresponsive program should an attacker exploit it.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A denial of service vulnerability has been discovered in the golang net/mail module. The ParseAddress function constructed domain-literal address components through repeated string concatenation which when parsing large domain-literal components, could cause excessive CPU consumption.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the crypto/x509 package in the Go standard library. This vulnerability allows a certificate validation bypass via an excluded subdomain constraint in a certificated chain as it does not restrict the usage of wildcard SANs in the leaf certificate.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A TLS connection handling flaw has been discovered in the golang crypto/tls library. During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the '#cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command. This vulnerability can lead to arbitrary file write.
8.6 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Golang's cmd/go module. This vulnerability allows a local attacker to achieve local code execution by downloading and building modules with specially crafted malicious version strings. On systems with Mercurial (hg) installed, this can occur when downloading modules from non-standard sources due to how external Version Control System (VCS) commands are constructed. Additionally, on systems with Git installed, providing malicious version strings to the toolchain can enable an attacker to write to arbitrary files on the filesystem. This issue is triggered by explicitly supplying these malicious version strings.
6.7 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A certificate validation flaw has been discovered in the golang crypto/x509 module. Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.
CWE-295 - Improper Certificate ValidationAffected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A path traversal flaw has been discovered in the golang `os` module. On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in golang.org/x/net/http2. A remote attacker can exploit this vulnerability by sending specially crafted HTTP/2 frames, which are data packets used in the HTTP/2 protocol. Due to a missing check for null values, processing these specific frames (types 0x0a through 0x0f) can cause the server to crash. This leads to a Denial of Service (DoS) condition, making the affected server unavailable to legitimate users.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
An input escaping flaw has been discovered in the golang html/template module. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0.
5.4 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
5.9 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Go's `archive/tar` package. A remote attacker could exploit this vulnerability by providing a maliciously-crafted archive file. When the `tar.Reader` processes an archive containing a large number of sparse regions in the "old GNU sparse map" format, it can lead to unbounded memory allocation. This can result in a Denial of Service (DoS) condition, making the affected application unresponsive.
4.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the `html/template` package. This vulnerability arises from improper tracking of context and brace depth within JavaScript (JS) template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting (XSS) vulnerabilities. This could allow an attacker to inject malicious scripts into web pages viewed by other users.
5.4 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in golang.org/x/image/tiff. A remote attacker could exploit this vulnerability by providing a maliciously crafted Tagged Image File Format (TIFF) file. This could cause the image decoding process to attempt to allocate up to 4 gigabytes (GiB) of memory. The excessive resource consumption or an out-of-memory error would lead to a Denial of Service (DoS) condition.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.
8.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
339 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7291",
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27141",
"url": "https://access.redhat.com/security/cve/CVE-2026-27141"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58190",
"url": "https://access.redhat.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47911",
"url": "https://access.redhat.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22873",
"url": "https://access.redhat.com/security/cve/CVE-2025-22873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68119",
"url": "https://access.redhat.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61732",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61731",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61725",
"url": "https://access.redhat.com/security/cve/CVE-2025-61725"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61724",
"url": "https://access.redhat.com/security/cve/CVE-2025-61724"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61723",
"url": "https://access.redhat.com/security/cve/CVE-2025-61723"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58186",
"url": "https://access.redhat.com/security/cve/CVE-2025-58186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58185",
"url": "https://access.redhat.com/security/cve/CVE-2025-58185"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58181",
"url": "https://access.redhat.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47914",
"url": "https://access.redhat.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47912",
"url": "https://access.redhat.com/security/cve/CVE-2025-47912"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47910",
"url": "https://access.redhat.com/security/cve/CVE-2025-47910"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61730",
"url": "https://access.redhat.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58189",
"url": "https://access.redhat.com/security/cve/CVE-2025-58189"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58187",
"url": "https://access.redhat.com/security/cve/CVE-2025-58187"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58188",
"url": "https://access.redhat.com/security/cve/CVE-2025-58188"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33809",
"url": "https://access.redhat.com/security/cve/CVE-2026-33809"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32289",
"url": "https://access.redhat.com/security/cve/CVE-2026-32289"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32288",
"url": "https://access.redhat.com/security/cve/CVE-2026-32288"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32283",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27144",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27143",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33810",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61727",
"url": "https://access.redhat.com/security/cve/CVE-2025-61727"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27139",
"url": "https://access.redhat.com/security/cve/CVE-2026-27139"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27138",
"url": "https://access.redhat.com/security/cve/CVE-2026-27138"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27142",
"url": "https://access.redhat.com/security/cve/CVE-2026-27142"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7291.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-06-23T18:49:09+00:00",
"generator": {
"date": "2026-06-23T18:49:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:7291",
"initial_release_date": "2026-04-09T11:00:43+00:00",
"revision_history": [
{
"date": "2026-04-09T11:00:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-18T20:02:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-23T18:49:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-26-main@aarch64",
"product": {
"name": "golang1-26-main@aarch64",
"product_id": "golang1-26-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.26@1.26.2-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-26-main@src",
"product": {
"name": "golang1-26-main@src",
"product_id": "golang1-26-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.26@1.26.2-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-26-main@x86_64",
"product": {
"name": "golang1-26-main@x86_64",
"product_id": "golang1-26-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.26@1.26.2-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-26-main@noarch",
"product": {
"name": "golang1-26-main@noarch",
"product_id": "golang1-26-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.26-docs@1.26.2-1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-26-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-26-main@aarch64"
},
"product_reference": "golang1-26-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-26-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-26-main@noarch"
},
"product_reference": "golang1-26-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-26-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-26-main@src"
},
"product_reference": "golang1-26-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-26-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-26-main@x86_64"
},
"product_reference": "golang1-26-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22873",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-02-05T00:01:17.475869+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436992"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability has been identified in the Go os package affecting the Root abstraction, where improper handling of trailing path separators could allow access to the parent directory of a configured root directory. By supplying a filename ending in \"../\", an attacker may be able to open the immediate parent directory of the intended Root. Although this escape does not allow traversal to higher-level ancestors or direct access to files within the parent directory, it may expose directory metadata or unintended filesystem structure if the application passes untrusted path input to Root.Open.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "os: os: Information disclosure via path traversal using specially crafted filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security classified this issue as Moderate.\n\nThe flaw exists in a local filesystem abstraction within the Go standard library, it can also be exploited remotely in applications that accept attacker-controlled path input over a network and pass it to Root.Open without proper validation. The attack complexity is low, as exploitation requires only appending \"../\" to the supplied path. However, the impact is limited: the flaw permits opening only the immediate parent directory, not arbitrary filesystem locations or files contained within that directory. There is no direct impact on file integrity or application availability. These constraints limit the practical exposure of the issue while still represents a boundary bypass and may expose unintended filesystem metadata. The issue does not permit traversal beyond the parent directory, modification of files, or broader system compromise, thereby constraining its overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22873"
},
{
"category": "external",
"summary": "RHBZ#2436992",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436992"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22873"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2025/05/06/2",
"url": "http://www.openwall.com/lists/oss-security/2025/05/06/2"
},
{
"category": "external",
"summary": "https://go.dev/cl/670036",
"url": "https://go.dev/cl/670036"
},
{
"category": "external",
"summary": "https://go.dev/issue/73555",
"url": "https://go.dev/issue/73555"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4403",
"url": "https://pkg.go.dev/vuln/GO-2026-4403"
}
],
"release_date": "2026-02-04T23:05:24.803000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "os: os: Information disclosure via path traversal using specially crafted filenames"
},
{
"cve": "CVE-2025-47910",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2025-09-22T22:00:44.572202+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397528"
}
],
"notes": [
{
"category": "description",
"text": "A CrossOriginProtection bypass has been discovered in the golang net/http package. When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: CrossOriginProtection bypass in net/http",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47910"
},
{
"category": "external",
"summary": "RHBZ#2397528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47910",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47910"
},
{
"category": "external",
"summary": "https://go.dev/cl/699275",
"url": "https://go.dev/cl/699275"
},
{
"category": "external",
"summary": "https://go.dev/issue/75054",
"url": "https://go.dev/issue/75054"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ",
"url": "https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3955",
"url": "https://pkg.go.dev/vuln/GO-2025-3955"
}
],
"release_date": "2025-09-22T21:01:55.440000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: CrossOriginProtection bypass in net/http"
},
{
"cve": "CVE-2025-47911",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2026-02-05T18:01:23.423406+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437109"
}
],
"notes": [
{
"category": "description",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "RHBZ#2437109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47911"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47911",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47911"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4440",
"url": "https://github.com/golang/vulndb/issues/4440"
},
{
"category": "external",
"summary": "https://go.dev/cl/709876",
"url": "https://go.dev/cl/709876"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c",
"url": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4440",
"url": "https://pkg.go.dev/vuln/GO-2026-4440"
}
],
"release_date": "2026-02-05T17:48:44.562000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html"
},
{
"cve": "CVE-2025-47912",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-10-29T23:01:06.642219+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407247"
}
],
"notes": [
{
"category": "description",
"text": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47912"
},
{
"category": "external",
"summary": "RHBZ#2407247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47912",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47912"
},
{
"category": "external",
"summary": "https://go.dev/cl/709857",
"url": "https://go.dev/cl/709857"
},
{
"category": "external",
"summary": "https://go.dev/issue/75678",
"url": "https://go.dev/issue/75678"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4010",
"url": "https://pkg.go.dev/vuln/GO-2025-4010"
}
],
"release_date": "2025-10-29T22:10:13.435000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url"
},
{
"cve": "CVE-2025-47914",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-19T21:01:06.202641+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. The golang.org/x/crypto/ssh/agent library, when used in SSH Agent servers, does not properly validate the size of messages during new identity requests. A specially crafted malformed message can lead to an out-of-bounds read, causing the program to panic and resulting in a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "RHBZ#2416000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914"
},
{
"category": "external",
"summary": "https://go.dev/cl/721960",
"url": "https://go.dev/cl/721960"
},
{
"category": "external",
"summary": "https://go.dev/issue/76364",
"url": "https://go.dev/issue/76364"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4135",
"url": "https://pkg.go.dev/vuln/GO-2025-4135"
}
],
"release_date": "2025-11-19T20:33:43.126000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages"
},
{
"cve": "CVE-2025-58181",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-11-19T21:00:50.197590+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415997"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI (Generic Security Service Application Program Interface) authentication requests to an SSH (Secure Shell) server. The server fails to validate the number of mechanisms specified in these requests, leading to unbounded memory consumption. This can result in a Denial of Service (DoS), making the SSH server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. SSH servers utilizing `golang.org/x/crypto/ssh` and configured to process GSSAPI authentication requests are susceptible to unbounded memory consumption. An attacker can exploit this by sending specially crafted GSSAPI authentication requests, potentially leading to a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "RHBZ#2415997",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415997"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181"
},
{
"category": "external",
"summary": "https://go.dev/cl/721961",
"url": "https://go.dev/cl/721961"
},
{
"category": "external",
"summary": "https://go.dev/issue/76363",
"url": "https://go.dev/issue/76363"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4134",
"url": "https://pkg.go.dev/vuln/GO-2025-4134"
}
],
"release_date": "2025-11-19T20:33:42.795000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-58185",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:25.877898+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407251"
}
],
"notes": [
{
"category": "description",
"text": "A memory exhaustion flaw has been discovered in the golang encoding/asn1 module. Within parseSequenceOf, reflect.MakeSlice is being used to pre-allocate a slice that is needed in order to fully validate the given DER payload. The size of the slice allocated are also multiple times larger than the input DER. As a result, a malicious actor can craft a big empty DER payload, resulting in an unnecessary large allocation of memories. This can be a way to cause memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58185"
},
{
"category": "external",
"summary": "RHBZ#2407251",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407251"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd",
"url": "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd"
},
{
"category": "external",
"summary": "https://go.dev/cl/709856",
"url": "https://go.dev/cl/709856"
},
{
"category": "external",
"summary": "https://go.dev/issue/75671",
"url": "https://go.dev/issue/75671"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4011",
"url": "https://pkg.go.dev/vuln/GO-2025-4011"
}
],
"release_date": "2025-10-29T22:10:13.682000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1"
},
{
"cve": "CVE-2025-58186",
"discovery_date": "2025-10-29T23:01:22.260983+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407250"
}
],
"notes": [
{
"category": "description",
"text": "Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as \"a=;\", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58186"
},
{
"category": "external",
"summary": "RHBZ#2407250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407250"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58186"
},
{
"category": "external",
"summary": "https://go.dev/cl/709855",
"url": "https://go.dev/cl/709855"
},
{
"category": "external",
"summary": "https://go.dev/issue/75672",
"url": "https://go.dev/issue/75672"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4012",
"url": "https://pkg.go.dev/vuln/GO-2025-4012"
}
],
"release_date": "2025-10-29T22:10:13.912000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http"
},
{
"cve": "CVE-2025-58187",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:54.130980+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407259"
}
],
"notes": [
{
"category": "description",
"text": "A potential denial of service flaw has been discovered in golang\u0027s crypto/x509 module. Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58187"
},
{
"category": "external",
"summary": "RHBZ#2407259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407259"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4",
"url": "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4"
},
{
"category": "external",
"summary": "https://go.dev/cl/709854",
"url": "https://go.dev/cl/709854"
},
{
"category": "external",
"summary": "https://go.dev/issue/75681",
"url": "https://go.dev/issue/75681"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4007",
"url": "https://pkg.go.dev/vuln/GO-2025-4007"
}
],
"release_date": "2025-10-29T22:10:12.624000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509"
},
{
"cve": "CVE-2025-58188",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2025-10-29T23:01:39.787633+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407255"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vector has been discovered in the golang crypto/x509 module. An attacker could craft an intermediate X.509 certificate containing a DSA public key and can crash a remote host with an unauthenticated call to any endpoint that verifies the certificate chain.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Availability impacts are limited on Red Hat products as they do not affect the host systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58188"
},
{
"category": "external",
"summary": "RHBZ#2407255",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407255"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9",
"url": "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9"
},
{
"category": "external",
"summary": "https://go.dev/cl/709853",
"url": "https://go.dev/cl/709853"
},
{
"category": "external",
"summary": "https://go.dev/issue/75675",
"url": "https://go.dev/issue/75675"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4013",
"url": "https://pkg.go.dev/vuln/GO-2025-4013"
}
],
"release_date": "2025-10-29T22:10:14.143000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509"
},
{
"cve": "CVE-2025-58189",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2025-10-29T23:01:57.740310+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407260"
}
],
"notes": [
{
"category": "description",
"text": "The crypto/tls conn.Handshake method returns an error on the server-side when ALPN negotation fails which can contain arbitrary attacker controlled information provided by the client-side of the connection which is not escaped. This affects programs which log these errors without any additional form of sanitization, and may allow injection of attacker controlled information into logs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58189"
},
{
"category": "external",
"summary": "RHBZ#2407260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407260"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
},
{
"category": "external",
"summary": "https://go.dev/cl/707776",
"url": "https://go.dev/cl/707776"
},
{
"category": "external",
"summary": "https://go.dev/issue/75652",
"url": "https://go.dev/issue/75652"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4008",
"url": "https://pkg.go.dev/vuln/GO-2025-4008"
}
],
"release_date": "2025-10-29T22:10:12.947000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information"
},
{
"cve": "CVE-2025-58190",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-02-05T18:01:26.511908+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437110"
}
],
"notes": [
{
"category": "description",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) in an exposed go application if an attacker provides specially crafted HTML content.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Infinite parsing loop in golang.org/x/net",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "RHBZ#2437110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58190"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4441",
"url": "https://github.com/golang/vulndb/issues/4441"
},
{
"category": "external",
"summary": "https://go.dev/cl/709875",
"url": "https://go.dev/cl/709875"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c",
"url": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4441",
"url": "https://pkg.go.dev/vuln/GO-2026-4441"
}
],
"release_date": "2026-02-05T17:48:44.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/html: Infinite parsing loop in golang.org/x/net"
},
{
"cve": "CVE-2025-61723",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:29.304260+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407252"
}
],
"notes": [
{
"category": "description",
"text": "A potential denial of service flaw has been discovered in the golang encoding/pem module. Due to the design of the PEM parsing function, the processing time for some\ninputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs and may result in an unresponsive program should an attacker exploit it.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61723"
},
{
"category": "external",
"summary": "RHBZ#2407252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407252"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b",
"url": "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b"
},
{
"category": "external",
"summary": "https://go.dev/cl/709858",
"url": "https://go.dev/cl/709858"
},
{
"category": "external",
"summary": "https://go.dev/issue/75676",
"url": "https://go.dev/issue/75676"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4009",
"url": "https://pkg.go.dev/vuln/GO-2025-4009"
}
],
"release_date": "2025-10-29T22:10:13.220000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem"
},
{
"cve": "CVE-2025-61724",
"cwe": {
"id": "CWE-1046",
"name": "Creation of Immutable Text Using String Concatenation"
},
"discovery_date": "2025-10-29T23:01:47.202663+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407257"
}
],
"notes": [
{
"category": "description",
"text": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61724"
},
{
"category": "external",
"summary": "RHBZ#2407257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407257"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
},
{
"category": "external",
"summary": "https://go.dev/cl/709859",
"url": "https://go.dev/cl/709859"
},
{
"category": "external",
"summary": "https://go.dev/issue/75716",
"url": "https://go.dev/issue/75716"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4015",
"url": "https://pkg.go.dev/vuln/GO-2025-4015"
}
],
"release_date": "2025-10-29T22:10:14.609000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto"
},
{
"cve": "CVE-2025-61725",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:18.805163+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407249"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability has been discovered in the golang net/mail module. The ParseAddress function constructed domain-literal address components through repeated string concatenation which when parsing large domain-literal components, could cause excessive CPU consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: Excessive CPU consumption in ParseAddress in net/mail",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61725"
},
{
"category": "external",
"summary": "RHBZ#2407249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407249"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
},
{
"category": "external",
"summary": "https://go.dev/cl/709860",
"url": "https://go.dev/cl/709860"
},
{
"category": "external",
"summary": "https://go.dev/issue/75680",
"url": "https://go.dev/issue/75680"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4006",
"url": "https://pkg.go.dev/vuln/GO-2025-4006"
}
],
"release_date": "2025-10-29T22:10:12.255000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61727",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2025-12-03T20:01:21.730501+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418677"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/x509 package in the Go standard library. This vulnerability allows a certificate validation bypass via an excluded subdomain constraint in a certificated chain as it does not restrict the usage of wildcard SANs in the leaf certificate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to obtain a leaf certificate with a wildcard SAN (e.g., *.example.com) and the legitimate certificate policy must contain an excluded DNS name constraint (e.g., to prevent issuance for test.example.com), allowing an application using the crypto/x509 package to validate the certificate when it should have been rejected and to be vulnerable to MITM (man-in-the-middle) attacks. Additionally, the attacker does not have full control of what data can be read of modified during the attack. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61727"
},
{
"category": "external",
"summary": "RHBZ#2418677",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418677"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61727"
},
{
"category": "external",
"summary": "https://go.dev/cl/723900",
"url": "https://go.dev/cl/723900"
},
{
"category": "external",
"summary": "https://go.dev/issue/76442",
"url": "https://go.dev/issue/76442"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4175",
"url": "https://pkg.go.dev/vuln/GO-2025-4175"
}
],
"release_date": "2025-12-03T19:37:15.054000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-61730",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-01-28T20:01:36.508659+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434430"
}
],
"notes": [
{
"category": "description",
"text": "A TLS connection handling flaw has been discovered in the golang crypto/tls library. During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The data leak after exploitation of this vulnerability is minor, data such as Handshake message contents that should have been processed only after switching to a stronger TLS 1.3 encryption level, Protocol state details such as which handshake message was processed when, Timing and ordering information about the TLS 1.3 state.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "RHBZ#2434430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434430"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730"
},
{
"category": "external",
"summary": "https://go.dev/cl/724120",
"url": "https://go.dev/cl/724120"
},
{
"category": "external",
"summary": "https://go.dev/issue/76443",
"url": "https://go.dev/issue/76443"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4340",
"url": "https://pkg.go.dev/vuln/GO-2026-4340"
}
],
"release_date": "2026-01-28T19:30:30.986000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls"
},
{
"cve": "CVE-2025-61731",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-01-28T20:01:45.587773+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434433"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the \u0027#cgo pkg-config:\u0027 directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a \u0027--log-file\u0027 argument to the pkg-config command. This vulnerability can lead to arbitrary file write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is Important rather than Moderate because compiling a malicious Go source file can cause `pkg-config` to create or append data to files at attacker-chosen locations, subject to the permissions of the build user. This can enable unintended filesystem modifications during the build process, which can lead to broken builds, alter tool behavior, and poison caches or artifacts, even without direct code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "RHBZ#2434433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434433"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://go.dev/cl/736711",
"url": "https://go.dev/cl/736711"
},
{
"category": "external",
"summary": "https://go.dev/issue/77100",
"url": "https://go.dev/issue/77100"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4339",
"url": "https://pkg.go.dev/vuln/GO-2026-4339"
}
],
"release_date": "2026-01-28T19:30:30.844000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive"
},
{
"cve": "CVE-2025-61732",
"discovery_date": "2026-02-05T05:00:47.678207+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437016"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s \u0027cgo tool\u0027. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then \"smuggled\" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability in the `cmd/cgo` component of the Go toolchain. A parsing discrepancy between Go and C/C++ comments could allow for code smuggling into the resulting `cgo` binary. This primarily affects systems where untrusted Go modules utilizing `cgo` are built, impacting Red Hat Enterprise Linux and OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "RHBZ#2437016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://go.dev/cl/734220",
"url": "https://go.dev/cl/734220"
},
{
"category": "external",
"summary": "https://go.dev/issue/76697",
"url": "https://go.dev/issue/76697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4433",
"url": "https://pkg.go.dev/vuln/GO-2026-4433"
}
],
"release_date": "2026-02-05T03:42:26.392000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy"
},
{
"cve": "CVE-2025-68119",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-01-28T20:01:57.098669+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434438"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang\u0027s cmd/go module. This vulnerability allows a local attacker to achieve local code execution by downloading and building modules with specially crafted malicious version strings. On systems with Mercurial (hg) installed, this can occur when downloading modules from non-standard sources due to how external Version Control System (VCS) commands are constructed. Additionally, on systems with Git installed, providing malicious version strings to the toolchain can enable an attacker to write to arbitrary files on the filesystem. This issue is triggered by explicitly supplying these malicious version strings.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/go: cmd/go: Local code execution and arbitrary file write via malicious module version strings",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is rated Moderate severity by Red Hat Product Security, because exploitation requires non-standard and intentional user behavior. \n\nThe attacker must explicitly supply a specially crafted module version string, which does not occur during normal Go module usage such as @latest or standard module paths, making the attack complexity high. \n\nAdditionally, user interaction is required, as the vulnerable behavior is only triggered when a user manually invokes the Go toolchain to download or build the malicious module.\n \nWhile successful exploitation can result in local code execution or arbitrary file modification, the combination of local access, manual input, and uncommon usage patterns significantly limits the likelihood of exploitation in typical environments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "RHBZ#2434438",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434438"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68119"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119"
},
{
"category": "external",
"summary": "https://go.dev/cl/736710",
"url": "https://go.dev/cl/736710"
},
{
"category": "external",
"summary": "https://go.dev/issue/77099",
"url": "https://go.dev/issue/77099"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4338",
"url": "https://pkg.go.dev/vuln/GO-2026-4338"
}
],
"release_date": "2026-01-28T19:30:30.704000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cmd/go: cmd/go: Local code execution and arbitrary file write via malicious module version strings"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-27138",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:35.939008+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445344"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Panic in name constraint checking for malformed certificates in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27138"
},
{
"category": "external",
"summary": "RHBZ#2445344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27138",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27138"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27138",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27138"
},
{
"category": "external",
"summary": "https://go.dev/cl/752183",
"url": "https://go.dev/cl/752183"
},
{
"category": "external",
"summary": "https://go.dev/issue/77953",
"url": "https://go.dev/issue/77953"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4600",
"url": "https://pkg.go.dev/vuln/GO-2026-4600"
}
],
"release_date": "2026-03-06T21:28:14+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "crypto/x509: Panic in name constraint checking for malformed certificates in crypto/x509"
},
{
"cve": "CVE-2026-27139",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-06T22:01:08.670782+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445335"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the golang `os` module. On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "os: FileInfo can escape from a Root in golang os module",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27139"
},
{
"category": "external",
"summary": "RHBZ#2445335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139"
},
{
"category": "external",
"summary": "https://go.dev/cl/749480",
"url": "https://go.dev/cl/749480"
},
{
"category": "external",
"summary": "https://go.dev/issue/77827",
"url": "https://go.dev/issue/77827"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4602",
"url": "https://pkg.go.dev/vuln/GO-2026-4602"
}
],
"release_date": "2026-03-06T21:28:14.451000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "os: FileInfo can escape from a Root in golang os module"
},
{
"cve": "CVE-2026-27141",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-02-26T20:09:11.626155+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2443104"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/http2. A remote attacker can exploit this vulnerability by sending specially crafted HTTP/2 frames, which are data packets used in the HTTP/2 protocol. Due to a missing check for null values, processing these specific frames (types 0x0a through 0x0f) can cause the server to crash. This leads to a Denial of Service (DoS) condition, making the affected server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/http2: golang.org/x/net/http2: Denial of Service due to malformed HTTP/2 frames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27141"
},
{
"category": "external",
"summary": "RHBZ#2443104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443104"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27141"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27141",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27141"
},
{
"category": "external",
"summary": "https://go.dev/cl/746180",
"url": "https://go.dev/cl/746180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77652",
"url": "https://go.dev/issue/77652"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4559",
"url": "https://pkg.go.dev/vuln/GO-2026-4559"
}
],
"release_date": "2026-02-26T18:50:31.830000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/http2: golang.org/x/net/http2: Denial of Service due to malformed HTTP/2 frames"
},
{
"cve": "CVE-2026-27142",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-03-06T22:01:56.662646+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445351"
}
],
"notes": [
{
"category": "description",
"text": "An input escaping flaw has been discovered in the golang html/template module. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "html/template: URLs in meta content attribute actions are not escaped in html/template",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27142"
},
{
"category": "external",
"summary": "RHBZ#2445351",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445351"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142"
},
{
"category": "external",
"summary": "https://go.dev/cl/752081",
"url": "https://go.dev/cl/752081"
},
{
"category": "external",
"summary": "https://go.dev/issue/77954",
"url": "https://go.dev/issue/77954"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4603",
"url": "https://pkg.go.dev/vuln/GO-2026-4603"
}
],
"release_date": "2026-03-06T21:28:14.674000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "html/template: URLs in meta content attribute actions are not escaped in html/template"
},
{
"cve": "CVE-2026-27143",
"cwe": {
"id": "CWE-733",
"name": "Compiler Optimization Removal or Modification of Security-critical Code"
},
"discovery_date": "2026-04-08T02:01:29.491546+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: possible memory corruption after bound check elimination",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is only exploitable in applications that contain a loop structure that relies on an induction variable. An induction variable is a variable that gets modified, usually incremented or decremented, by a predictable amount on each iteration. Inside the loop, the induction variable must be directly used as the index to access or modify elements within an array or a slice. Additionally, an attacker must be able to cause an integer overflow or underflow in the induction variable to trigger this issue. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "RHBZ#2456342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://go.dev/cl/763765",
"url": "https://go.dev/cl/763765"
},
{
"category": "external",
"summary": "https://go.dev/issue/78333",
"url": "https://go.dev/issue/78333"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4868",
"url": "https://pkg.go.dev/vuln/GO-2026-4868"
}
],
"release_date": "2026-04-08T01:06:57.168000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, strictly sanitize and enforce bounds checking on any untrusted user input that influences loop counters, iteration limits, or memory indices. If there is no integer overflow or underflow, the out-of-bounds access cannot occur.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: possible memory corruption after bound check elimination"
},
{
"cve": "CVE-2026-27144",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2026-04-08T02:01:22.896153+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: no-op interface conversion bypasses overlap checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable in applications that contain a memory move or copy operation that is subject to a no-op (no-operation) interface conversion. Furthermore, the source and destination memory addresses involved in the move or copy must overlap and an attacker must be able to supply an input that triggers this specific operation. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "RHBZ#2456340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://go.dev/cl/763764",
"url": "https://go.dev/cl/763764"
},
{
"category": "external",
"summary": "https://go.dev/issue/78371",
"url": "https://go.dev/issue/78371"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4867",
"url": "https://pkg.go.dev/vuln/GO-2026-4867"
}
],
"release_date": "2026-04-08T01:06:56.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "To mitigate this issue, review code that performs memory copies or struct assignments. If data is being passed through an interface (such as \u0027any\u0027 or \u0027interface{}\u0027) just before a move operation, refactor the code to use concrete types or explicit pointers instead.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: no-op interface conversion bypasses overlap checking"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
},
{
"cve": "CVE-2026-32288",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:00:57.624222+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `archive/tar` package. A remote attacker could exploit this vulnerability by providing a maliciously-crafted archive file. When the `tar.Reader` processes an archive containing a large number of sparse regions in the \"old GNU sparse map\" format, it can lead to unbounded memory allocation. This can result in a Denial of Service (DoS) condition, making the affected application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "archive/tar: golang: Go\u0027s archive/tar package: Denial of Service via maliciously-crafted archive",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32288"
},
{
"category": "external",
"summary": "RHBZ#2456332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32288",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32288"
},
{
"category": "external",
"summary": "https://go.dev/cl/763766",
"url": "https://go.dev/cl/763766"
},
{
"category": "external",
"summary": "https://go.dev/issue/78301",
"url": "https://go.dev/issue/78301"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4869",
"url": "https://pkg.go.dev/vuln/GO-2026-4869"
}
],
"release_date": "2026-04-08T01:06:57.416000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "archive/tar: golang: Go\u0027s archive/tar package: Denial of Service via maliciously-crafted archive"
},
{
"cve": "CVE-2026-32289",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-04-08T02:01:05.911683+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456334"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `html/template` package. This vulnerability arises from improper tracking of context and brace depth within JavaScript (JS) template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting (XSS) vulnerabilities. This could allow an attacker to inject malicious scripts into web pages viewed by other users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32289"
},
{
"category": "external",
"summary": "RHBZ#2456334",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456334"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32289"
},
{
"category": "external",
"summary": "https://go.dev/cl/763762",
"url": "https://go.dev/cl/763762"
},
{
"category": "external",
"summary": "https://go.dev/issue/78331",
"url": "https://go.dev/issue/78331"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4865",
"url": "https://pkg.go.dev/vuln/GO-2026-4865"
}
],
"release_date": "2026-04-08T01:06:56.297000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals"
},
{
"cve": "CVE-2026-33809",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-25T19:01:55.384019+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451437"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/image/tiff. A remote attacker could exploit this vulnerability by providing a maliciously crafted Tagged Image File Format (TIFF) file. This could cause the image decoding process to attempt to allocate up to 4 gigabytes (GiB) of memory. The excessive resource consumption or an out-of-memory error would lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33809"
},
{
"category": "external",
"summary": "RHBZ#2451437",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451437"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33809",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33809"
},
{
"category": "external",
"summary": "https://go.dev/cl/757660",
"url": "https://go.dev/cl/757660"
},
{
"category": "external",
"summary": "https://go.dev/issue/78267",
"url": "https://go.dev/issue/78267"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4815",
"url": "https://pkg.go.dev/vuln/GO-2026-4815"
}
],
"release_date": "2026-03-25T18:24:04.222000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file"
},
{
"cve": "CVE-2026-33810",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-08T02:01:09.100830+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "RHBZ#2456335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://go.dev/cl/763763",
"url": "https://go.dev/cl/763763"
},
{
"category": "external",
"summary": "https://go.dev/issue/78332",
"url": "https://go.dev/issue/78332"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4866",
"url": "https://pkg.go.dev/vuln/GO-2026-4866"
}
],
"release_date": "2026-04-08T01:06:56.546000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…