Action not permitted
Modal body text goes here.
cve-2019-11247
Vulnerability from cvelistv5
Published
2019-08-29 00:25
Modified
2024-09-16 18:04
Severity ?
EPSS score ?
Summary
Kubernetes kube-apiserver allows access to custom resources via wrong scope
References
▼ | URL | Tags | |
---|---|---|---|
jordan@liggitt.net | https://access.redhat.com/errata/RHBA-2019:2816 | Third Party Advisory | |
jordan@liggitt.net | https://access.redhat.com/errata/RHBA-2019:2824 | Third Party Advisory | |
jordan@liggitt.net | https://access.redhat.com/errata/RHSA-2019:2690 | Third Party Advisory | |
jordan@liggitt.net | https://access.redhat.com/errata/RHSA-2019:2769 | Third Party Advisory | |
jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/80983 | Third Party Advisory | |
jordan@liggitt.net | https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ | Third Party Advisory | |
jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20190919-0003/ | Third Party Advisory |
Impacted products
▼ | Vendor | Product |
---|---|---|
Kubernetes | Kubernetes |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:48:09.018Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/kubernetes/kubernetes/issues/80983" }, { "name": "v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ" }, { "name": "RHSA-2019:2690", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2690" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190919-0003/" }, { "name": "RHBA-2019:2816", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHBA-2019:2816" }, { "name": "RHBA-2019:2824", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHBA-2019:2824" }, { "name": "RHSA-2019:2769", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2769" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kubernetes", "vendor": "Kubernetes", "versions": [ { "status": "affected", "version": "prior to 1.13.9" }, { "status": "affected", "version": "prior to 1.14.5" }, { "status": "affected", "version": "prior to 1.15.2" }, { "status": "affected", "version": "1.7" }, { "status": "affected", "version": "1.8" }, { "status": "affected", "version": "1.9" }, { "status": "affected", "version": "1.10" }, { "status": "affected", "version": "1.11" }, { "status": "affected", "version": "1.12" } ] } ], "credits": [ { "lang": "en", "value": "Prabu Shyam, Verizon Media" } ], "datePublic": "2019-08-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-24T22:06:25", "orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/kubernetes/kubernetes/issues/80983" }, { "name": "v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ" }, { "name": "RHSA-2019:2690", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2690" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190919-0003/" }, { "name": "RHBA-2019:2816", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHBA-2019:2816" }, { "name": "RHBA-2019:2824", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHBA-2019:2824" }, { "name": "RHSA-2019:2769", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2769" } ], "source": { "defect": [ "https://github.com/kubernetes/kubernetes/issues/80983" ], "discovery": "USER" }, "title": "Kubernetes kube-apiserver allows access to custom resources via wrong scope", "workarounds": [ { "lang": "en", "value": "To mitigate, remove authorization rules that grant access to cluster-scoped resources within namespaces. For example, RBAC roles and clusterroles intended to be referenced by namespaced rolebindings should not grant access to resources:[*], apiGroups:[*], or grant access to cluster-scoped custom resources." } ], "x_generator": { "engine": "Vulnogram 0.0.7" }, "x_legacyV4Record": { "CVE_data_meta": { "AKA": "", "ASSIGNER": "security@kubernetes.io", "DATE_PUBLIC": "2019-08-05", "ID": "CVE-2019-11247", "STATE": "PUBLIC", "TITLE": "Kubernetes kube-apiserver allows access to custom resources via wrong scope" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Kubernetes", "version": { "version_data": [ { "version_value": "prior to 1.13.9" }, { "version_value": "prior to 1.14.5" }, { "version_value": "prior to 1.15.2" }, { "version_value": "1.7" }, { "version_value": "1.8" }, { "version_value": "1.9" }, { "version_value": "1.10" }, { "version_value": "1.11" }, { "version_value": "1.12" } ] } } ] }, "vendor_name": "Kubernetes" } ] } }, "configuration": [], "credit": [ { "lang": "eng", "value": "Prabu Shyam, Verizon Media" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12." } ] }, "exploit": [], "generator": { "engine": "Vulnogram 0.0.7" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20: Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/kubernetes/kubernetes/issues/80983", "refsource": "CONFIRM", "url": "https://github.com/kubernetes/kubernetes/issues/80983" }, { "name": "v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249", "refsource": "MLIST", "url": "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ" }, { "name": "RHSA-2019:2690", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2690" }, { "name": "https://security.netapp.com/advisory/ntap-20190919-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190919-0003/" }, { "name": "RHBA-2019:2816", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:2816" }, { "name": "RHBA-2019:2824", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:2824" }, { "name": "RHSA-2019:2769", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2769" } ] }, "solution": [], "source": { "advisory": "", "defect": [ "https://github.com/kubernetes/kubernetes/issues/80983" ], "discovery": "USER" }, "work_around": [ { "lang": "en", "value": "To mitigate, remove authorization rules that grant access to cluster-scoped resources within namespaces. For example, RBAC roles and clusterroles intended to be referenced by namespaced rolebindings should not grant access to resources:[*], apiGroups:[*], or grant access to cluster-scoped custom resources." } ] } } }, "cveMetadata": { "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "assignerShortName": "kubernetes", "cveId": "CVE-2019-11247", "datePublished": "2019-08-29T00:25:27.667656Z", "dateReserved": "2019-04-17T00:00:00", "dateUpdated": "2024-09-16T18:04:25.053Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2019-11247\",\"sourceIdentifier\":\"jordan@liggitt.net\",\"published\":\"2019-08-29T01:15:11.287\",\"lastModified\":\"2020-10-02T16:21:57.087\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.\"},{\"lang\":\"es\",\"value\":\"El kube-apiserver de Kubernetes permite por error el acceso a un recurso personalizado de \u00e1mbito de cl\u00faster si la solicitud se realiza como si el recurso estuviera con espacio de nombres. Las autorizaciones para el recurso al que se tiene acceso de esta manera se aplican mediante roles y enlaces de roles dentro del espacio de nombres, lo que significa que un usuario con acceso solo a un recurso en un espacio de nombres podr\u00eda crear, ver actualizar o eliminar el recurso de \u00e1mbito de cl\u00faster (seg\u00fan sus privilegios de rol de espacio de nombres). Las versiones afectadas de Kubernetes incluyen versiones anteriores a 1.13.9, versiones anteriores a 1.14.5, versiones anteriores a 1.15.2 y versiones 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}],\"cvssMetricV30\":[{\"source\":\"jordan@liggitt.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\",\"baseScore\":5.0,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.6,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.5},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]},{\"source\":\"jordan@liggitt.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.7.0\",\"versionEndIncluding\":\"1.12.10\",\"matchCriteriaId\":\"A582FE75-D84B-4C8F-B836-95FB15F68EBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.13.0\",\"versionEndExcluding\":\"1.13.9\",\"matchCriteriaId\":\"14126DA1-4F03-43D3-BD14-0BE06EC8F4E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.14.0\",\"versionEndExcluding\":\"1.14.5\",\"matchCriteriaId\":\"E10D117F-F0C4-4355-98E3-BB4A401258DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.15.0\",\"versionEndExcluding\":\"1.15.2\",\"matchCriteriaId\":\"2BECD4DB-0E6B-4C4A-B714-F6E4724BD0F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kubernetes:kubernetes:1.12.11:beta0:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EAFE32A-5295-4A4B-9EC1-A1DB3CAE3DC8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"309CB6F8-F178-454C-BE97-787F78647C28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DBCD38F-BBE8-488C-A8C3-5782F191D915\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F87326E-0B56-4356-A889-73D026DB1D4B\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHBA-2019:2816\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHBA-2019:2824\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2690\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2769\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/kubernetes/kubernetes/issues/80983\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190919-0003/\",\"source\":\"jordan@liggitt.net\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
gsd-2019-11247
Vulnerability from gsd
Modified
2023-12-13 01:24
Details
The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2019-11247", "description": "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", "id": "GSD-2019-11247", "references": [ "https://www.suse.com/security/cve/CVE-2019-11247.html", "https://access.redhat.com/errata/RHBA-2019:2816", "https://access.redhat.com/errata/RHSA-2019:2769", "https://access.redhat.com/errata/RHSA-2019:2690", "https://access.redhat.com/errata/RHSA-2019:2504", "https://linux.oracle.com/cve/CVE-2019-11247.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2019-11247" ], "details": "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", "id": "GSD-2019-11247", "modified": "2023-12-13T01:24:02.652470Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "AKA": "", "ASSIGNER": "security@kubernetes.io", "DATE_PUBLIC": "2019-08-05", "ID": "CVE-2019-11247", "STATE": "PUBLIC", "TITLE": "Kubernetes kube-apiserver allows access to custom resources via wrong scope" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Kubernetes", "version": { "version_data": [ { "version_value": "prior to 1.13.9" }, { "version_value": "prior to 1.14.5" }, { "version_value": "prior to 1.15.2" }, { "version_value": "1.7" }, { "version_value": "1.8" }, { "version_value": "1.9" }, { "version_value": "1.10" }, { "version_value": "1.11" }, { "version_value": "1.12" } ] } } ] }, "vendor_name": "Kubernetes" } ] } }, "configuration": [], "credit": [ { "lang": "eng", "value": "Prabu Shyam, Verizon Media" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12." } ] }, "exploit": [], "generator": { "engine": "Vulnogram 0.0.7" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20: Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/kubernetes/kubernetes/issues/80983", "refsource": "CONFIRM", "url": "https://github.com/kubernetes/kubernetes/issues/80983" }, { "name": "v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249", "refsource": "MLIST", "url": "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ" }, { "name": "RHSA-2019:2690", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2690" }, { "name": "https://security.netapp.com/advisory/ntap-20190919-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190919-0003/" }, { "name": "RHBA-2019:2816", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:2816" }, { "name": "RHBA-2019:2824", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:2824" }, { "name": "RHSA-2019:2769", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2769" } ] }, "solution": [], "source": { "advisory": "", "defect": [ "https://github.com/kubernetes/kubernetes/issues/80983" ], "discovery": "USER" }, "work_around": [ { "lang": "eng", "value": "To mitigate, remove authorization rules that grant access to cluster-scoped resources within namespaces. For example, RBAC roles and clusterroles intended to be referenced by namespaced rolebindings should not grant access to resources:[*], apiGroups:[*], or grant access to cluster-scoped custom resources." } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.12.10", "versionStartIncluding": "1.7.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:kubernetes:kubernetes:1.12.11:beta0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.13.9", "versionStartIncluding": "1.13.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.15.2", "versionStartIncluding": "1.15.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.14.5", "versionStartIncluding": "1.14.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@kubernetes.io", "ID": "CVE-2019-11247" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-863" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/kubernetes/kubernetes/issues/80983", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kubernetes/kubernetes/issues/80983" }, { "name": "v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249", "refsource": "MLIST", "tags": [ "Third Party Advisory" ], "url": "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ" }, { "name": "RHSA-2019:2690", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2690" }, { "name": "https://security.netapp.com/advisory/ntap-20190919-0003/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190919-0003/" }, { "name": "RHBA-2019:2816", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHBA-2019:2816" }, { "name": "RHBA-2019:2824", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHBA-2019:2824" }, { "name": "RHSA-2019:2769", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2769" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2 } }, "lastModifiedDate": "2020-10-02T16:21Z", "publishedDate": "2019-08-29T01:15Z" } } }
rhsa-2019_2690
Vulnerability from csaf_redhat
Published
2019-09-12 06:37
Modified
2024-11-13 22:09
Summary
Red Hat Security Advisory: OpenShift Container Platform 3.10 security update
Notes
Topic
An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 3.10 users are advised to upgrade to these
updated packages and images.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 3.10 users are advised to upgrade to these\nupdated packages and images.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:2690", "url": "https://access.redhat.com/errata/RHSA-2019:2690" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1732192", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732192" }, { "category": "external", "summary": "1735645", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735645" }, { "category": "external", "summary": "1735744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735744" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2690.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 3.10 security update", "tracking": { "current_release_date": "2024-11-13T22:09:26+00:00", "generator": { "date": "2024-11-13T22:09:26+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2019:2690", "initial_release_date": "2019-09-12T06:37:28+00:00", "revision_history": [ { "date": "2019-09-12T06:37:28+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-09-12T06:37:28+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-13T22:09:26+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 3.10", "product": { "name": "Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:3.10::el7" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product": { "name": "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product_id": "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product": { "name": "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product_id": "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product": { "name": "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product_id": "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-hyperkube@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product": { "name": "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product_id": "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-hypershift@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product": { "name": "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product_id": "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-master@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product": { "name": "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product_id": "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product": { "name": "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product_id": "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product": { "name": "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product_id": "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product": { "name": "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product_id": "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product": { "name": "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product_id": "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.10.170-1.git.0.8e592d6.el7?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product": { "name": "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product_id": "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift@3.10.170-1.git.0.8e592d6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product": { "name": "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product_id": "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.10.170-1.git.0.8e592d6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product": { "name": "atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product_id": "atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.10.170-1.git.0.8e592d6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product": { "name": "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product_id": "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-hyperkube@3.10.170-1.git.0.8e592d6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product": { "name": "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product_id": "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-hypershift@3.10.170-1.git.0.8e592d6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product": { "name": "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product_id": "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-master@3.10.170-1.git.0.8e592d6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product": { "name": "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product_id": "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node@3.10.170-1.git.0.8e592d6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product": { "name": "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product_id": "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.10.170-1.git.0.8e592d6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product": { "name": "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product_id": "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.10.170-1.git.0.8e592d6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product": { "name": "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product_id": "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.10.170-1.git.0.8e592d6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product": { "name": "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product_id": "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.10.170-1.git.0.8e592d6.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "product": { "name": "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "product_id": "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift@3.10.170-1.git.0.8e592d6.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "product": { "name": "atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "product_id": "atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.10.170-1.git.0.8e592d6.el7?arch=noarch" } } }, { "category": "product_version", "name": "atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "product": { "name": "atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "product_id": "atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.10.170-1.git.0.8e592d6.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le" }, "product_reference": "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.10" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src as a component of Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src" }, "product_reference": "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.10" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64" }, "product_reference": "atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.10" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le" }, "product_reference": "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.10" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64" }, "product_reference": "atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.10" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64" }, "product_reference": "atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.10" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch as a component of Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch" }, "product_reference": "atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.10" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch as a component of Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch" }, "product_reference": "atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.10" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le" }, "product_reference": "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.10" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64" }, "product_reference": "atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.10" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le" }, "product_reference": "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.10" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64" }, "product_reference": "atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.10" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le" }, "product_reference": "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.10" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64" }, "product_reference": "atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.10" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le" }, "product_reference": "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.10" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64" }, "product_reference": "atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.10" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le" }, "product_reference": "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.10" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64" }, "product_reference": "atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.10" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le" }, "product_reference": "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.10" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64" }, "product_reference": "atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.10" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le" }, "product_reference": "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.10" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64" }, "product_reference": "atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.10" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le" }, "product_reference": "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.10" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.10", "product_id": "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64" }, "product_reference": "atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.10" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the Envoy security team" ] } ], "cve": "CVE-2019-9512", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1735645" } ], "notes": [ { "category": "description", "text": "A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: flood using PING frames results in unbounded memory growth", "title": "Vulnerability summary" }, { "category": "other", "text": "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9512" }, { "category": "external", "summary": "RHBZ#1735645", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735645" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9512", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9512" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512" }, { "category": "external", "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", "url": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", "url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" }, { "category": "external", "summary": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", "url": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html" } ], "release_date": "2019-08-13T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-09-12T06:37:28+00:00", "details": "For OpenShift Container Platform 3.10 see the following documentation,\nwhich will be updated shortly for release 3.10.170, for important\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_release_notes.html", "product_ids": [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2690" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "HTTP/2: flood using PING frames results in unbounded memory growth" }, { "acknowledgments": [ { "names": [ "the Envoy security team" ] } ], "cve": "CVE-2019-9514", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1735744" } ], "notes": [ { "category": "description", "text": "A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: flood using HEADERS frames results in unbounded memory growth", "title": "Vulnerability summary" }, { "category": "other", "text": "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9514" }, { "category": "external", "summary": "RHBZ#1735744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735744" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9514", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9514" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514" }, { "category": "external", "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", "url": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", "url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" }, { "category": "external", "summary": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", "url": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html" } ], "release_date": "2019-08-13T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-09-12T06:37:28+00:00", "details": "For OpenShift Container Platform 3.10 see the following documentation,\nwhich will be updated shortly for release 3.10.170, for important\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_release_notes.html", "product_ids": [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2690" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "HTTP/2: flood using HEADERS frames results in unbounded memory growth" }, { "acknowledgments": [ { "names": [ "the Kubernetes Product Security Committee" ] } ], "cve": "CVE-2019-11247", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2019-07-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1732192" } ], "notes": [ { "category": "description", "text": "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", "title": "Vulnerability description" }, { "category": "summary", "text": "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-11247" }, { "category": "external", "summary": "RHBZ#1732192", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732192" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11247", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11247" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11247" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", "url": "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc" } ], "release_date": "2019-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-09-12T06:37:28+00:00", "details": "For OpenShift Container Platform 3.10 see the following documentation,\nwhich will be updated shortly for release 3.10.170, for important\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_release_notes.html", "product_ids": [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2690" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.src", "7Server-RH7-RHOSE-3.10:atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-clients-redistributable-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-docker-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-excluder-0:3.10.170-1.git.0.8e592d6.el7.noarch", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hyperkube-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-hypershift-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-master-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-node-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-pod-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-sdn-ovs-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-template-service-broker-0:3.10.170-1.git.0.8e592d6.el7.x86_64", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.ppc64le", "7Server-RH7-RHOSE-3.10:atomic-openshift-tests-0:3.10.170-1.git.0.8e592d6.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced" } ] }
rhba-2019_2816
Vulnerability from csaf_redhat
Published
2019-09-24 12:31
Modified
2024-11-05 15:53
Summary
Red Hat Bug Fix Advisory: OpenShift Container Platform 3.11 bug fix update
Notes
Topic
Red Hat OpenShift Container Platform release 3.11.146 is now available with
updates to packages and images that fix several bugs.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 3.11.146. See the following advisory for the container images for
this release:
https://access.redhat.com/errata/RHBA-2019:2824
This update fixes the following bugs:
* kuryr-controller could not access the OpenShift API LoadBalancer members with OVN if kuryr-controller was running on master nodes. Now, kuryr-controller is forced to be on infrastructure nodes. As a result, kuryr-controller can now access the OpenShift API LoadBalancers. (BZ#1641647)
* In rare cases, the cluster console would not display a projects list when the user logged in. This was due to a race condition that would cause the project list to fail after logging into the admin console. The user would need to refresh the page to see the list of projects. This race condition has been addressed, and projects now load successfully after logging in. (BZ#1703777)
* Image tags were not provided for some ose-pod image pulls. As a result, multiple image versions could be pulled from the ose-pod image. Now, image tags have been added to the registry_auth and only a single image version for ose-pod is pulled. (BZ#1725938)
* Clusters with large numbers of unidled services could see extended wait times applying endpoint changes to cluster IP addresses. Iptables access is now better coordinated and synchronization of firewall rules occurs in less time. (BZ#1734009)
* Egress IP addresses did not operate correctly in namespaces with restrictive NetworkPolicies. Pods that accepted traffic only from specific sources would not be able to send egress traffic via egress IP addresses because the response from the external server would be mistakenly rejected by their NetworkPolicies. Now, replies from egress traffic are correctly recognized as replies rather than as new connections. (BZ#1741477)
* Metrics-server-certs did not remove secrets if the server was uninstalled. The metrics serving cert label has been corrected and metrics serving certs are removed completely. (BZ#1746212)
* Outgoing connections would sometimes be dropped if a minimum kernel version was not installed. A check has been added to ensure that the installed kernel meets the required minimum version to avoid network issues. This check is run during prerequisites, scale-up, and upgrade. (BZ#1749024)
* Upgrade playbooks were not respecting the openshift_docker_additional_registries variable. The registries.conf has been updated to observe inventory variables that have been set or changes since the last upgrade. (BZ#1749341)
All OpenShift Container Platform 3.11 users are advised to upgrade to these
updated packages and images.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 3.11.146 is now available with\nupdates to packages and images that fix several bugs.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 3.11.146. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2019:2824\n\nThis update fixes the following bugs: \n\n* kuryr-controller could not access the OpenShift API LoadBalancer members with OVN if kuryr-controller was running on master nodes. Now, kuryr-controller is forced to be on infrastructure nodes. As a result, kuryr-controller can now access the OpenShift API LoadBalancers. (BZ#1641647)\n\n* In rare cases, the cluster console would not display a projects list when the user logged in. This was due to a race condition that would cause the project list to fail after logging into the admin console. The user would need to refresh the page to see the list of projects. This race condition has been addressed, and projects now load successfully after logging in. (BZ#1703777)\n\n* Image tags were not provided for some ose-pod image pulls. As a result, multiple image versions could be pulled from the ose-pod image. Now, image tags have been added to the registry_auth and only a single image version for ose-pod is pulled. (BZ#1725938)\n\n* Clusters with large numbers of unidled services could see extended wait times applying endpoint changes to cluster IP addresses. Iptables access is now better coordinated and synchronization of firewall rules occurs in less time. (BZ#1734009)\n\n* Egress IP addresses did not operate correctly in namespaces with restrictive NetworkPolicies. Pods that accepted traffic only from specific sources would not be able to send egress traffic via egress IP addresses because the response from the external server would be mistakenly rejected by their NetworkPolicies. Now, replies from egress traffic are correctly recognized as replies rather than as new connections. (BZ#1741477)\n\n* Metrics-server-certs did not remove secrets if the server was uninstalled. The metrics serving cert label has been corrected and metrics serving certs are removed completely. (BZ#1746212)\n\n* Outgoing connections would sometimes be dropped if a minimum kernel version was not installed. A check has been added to ensure that the installed kernel meets the required minimum version to avoid network issues. This check is run during prerequisites, scale-up, and upgrade. (BZ#1749024)\n\n* Upgrade playbooks were not respecting the openshift_docker_additional_registries variable. The registries.conf has been updated to observe inventory variables that have been set or changes since the last upgrade. (BZ#1749341)\n\nAll OpenShift Container Platform 3.11 users are advised to upgrade to these\nupdated packages and images.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHBA-2019:2816", "url": "https://access.redhat.com/errata/RHBA-2019:2816" }, { "category": "external", "summary": "1432875", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432875" }, { "category": "external", "summary": "1641647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641647" }, { "category": "external", "summary": "1661447", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1661447" }, { "category": "external", "summary": "1703777", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703777" }, { "category": "external", "summary": "1720172", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720172" }, { "category": "external", "summary": "1733327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1733327" }, { "category": "external", "summary": "1733429", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1733429" }, { "category": "external", "summary": "1734009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1734009" }, { "category": "external", "summary": "1735502", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735502" }, { "category": "external", "summary": "1741477", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741477" }, { "category": "external", "summary": "1743950", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743950" }, { "category": "external", "summary": "1746212", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1746212" }, { "category": "external", "summary": "1748982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1748982" }, { "category": "external", "summary": "1749024", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1749024" }, { "category": "external", "summary": "1749341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1749341" }, { "category": "external", "summary": "1752853", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752853" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhba-2019_2816.json" } ], "title": "Red Hat Bug Fix Advisory: OpenShift Container Platform 3.11 bug fix update", "tracking": { "current_release_date": "2024-11-05T15:53:54+00:00", "generator": { "date": "2024-11-05T15:53:54+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHBA-2019:2816", "initial_release_date": "2019-09-24T12:31:29+00:00", "revision_history": [ { "date": "2019-09-24T12:31:29+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-09-24T12:31:29+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T15:53:54+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 3.11", "product": { "name": "Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:3.11::el7" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "product": { "name": "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "product_id": "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.146-1.git.1.3f0869b.el7?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "product": { "name": "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "product_id": "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@3.11.146-1.git.1.3f0869b.el7?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product": { "name": "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product_id": "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift@3.11.146-1.git.0.4aab273.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product": { "name": "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product_id": "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.11.146-1.git.0.4aab273.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product": { "name": "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product_id": "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-hyperkube@3.11.146-1.git.0.4aab273.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product": { "name": "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product_id": "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-hypershift@3.11.146-1.git.0.4aab273.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product": { "name": "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product_id": "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-master@3.11.146-1.git.0.4aab273.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product": { "name": "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product_id": "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node@3.11.146-1.git.0.4aab273.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product": { "name": "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product_id": "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.11.146-1.git.0.4aab273.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product": { "name": "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product_id": "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.11.146-1.git.0.4aab273.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product": { "name": "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product_id": "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.11.146-1.git.0.4aab273.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product": { "name": "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product_id": "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.11.146-1.git.0.4aab273.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", "product": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", "product_id": "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.146-1.git.1.3633245.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", "product": { "name": "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", "product_id": "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.146-1.git.1.fc7387e.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", "product": { "name": "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", "product_id": "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.146-1.git.1.fc1edc6.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", "product": { "name": "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", "product_id": "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.146-1.git.1.5278825.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", "product": { "name": "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", "product_id": "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.146-1.git.1.e0e89f7.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", "product": { "name": "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", "product_id": "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.146-1.git.1.723cb8d.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", "product": { "name": "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", "product_id": "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.146-1.git.1.75951b8.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", "product": { "name": "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", "product_id": "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.146-1.git.1.517a261.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", "product": { "name": "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", "product_id": "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus-alertmanager@3.11.146-1.git.1.1a30625.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", "product": { "name": "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", "product_id": "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus-node-exporter@3.11.146-1.git.1.51554ba.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", "product": { "name": "prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", "product_id": "prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus@3.11.146-1.git.1.0e18774.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", "product": { "name": "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", "product_id": "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.146-1.git.1.de160cc.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", "product": { "name": "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", "product_id": "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.146-1.git.1.113bc35.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "ansible-service-broker-1:1.3.23-2.el7.ppc64le", "product": { "name": "ansible-service-broker-1:1.3.23-2.el7.ppc64le", "product_id": "ansible-service-broker-1:1.3.23-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible-service-broker@1.3.23-2.el7?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "kibana-0:5.6.16-2.el7.ppc64le", "product": { "name": "kibana-0:5.6.16-2.el7.ppc64le", "product_id": "kibana-0:5.6.16-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kibana@5.6.16-2.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "kibana-debuginfo-0:5.6.16-2.el7.ppc64le", "product": { "name": "kibana-debuginfo-0:5.6.16-2.el7.ppc64le", "product_id": "kibana-debuginfo-0:5.6.16-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kibana-debuginfo@5.6.16-2.el7?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "product": { "name": "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "product_id": "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.146-1.git.1.3f0869b.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "product": { "name": "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "product_id": "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@3.11.146-1.git.1.3f0869b.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product": { "name": "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product_id": "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift@3.11.146-1.git.0.4aab273.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product": { "name": "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product_id": "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.11.146-1.git.0.4aab273.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product": { "name": "atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product_id": "atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.11.146-1.git.0.4aab273.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product": { "name": "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product_id": "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-hyperkube@3.11.146-1.git.0.4aab273.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product": { "name": "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product_id": "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-hypershift@3.11.146-1.git.0.4aab273.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product": { "name": "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product_id": "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-master@3.11.146-1.git.0.4aab273.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product": { "name": "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product_id": "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node@3.11.146-1.git.0.4aab273.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product": { "name": "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product_id": "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.11.146-1.git.0.4aab273.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product": { "name": "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product_id": "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.11.146-1.git.0.4aab273.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product": { "name": "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product_id": "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.11.146-1.git.0.4aab273.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product": { "name": "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product_id": "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.11.146-1.git.0.4aab273.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", "product": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", "product_id": "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.146-1.git.1.3633245.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", "product": { "name": "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", "product_id": "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.146-1.git.1.fc7387e.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", "product": { "name": "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", "product_id": "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.146-1.git.1.fc1edc6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", "product": { "name": "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", "product_id": "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.146-1.git.1.5278825.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", "product": { "name": "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", "product_id": "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.146-1.git.1.e0e89f7.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", "product": { "name": "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", "product_id": "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.146-1.git.1.723cb8d.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", "product": { "name": "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", "product_id": "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.146-1.git.1.75951b8.el7?arch=x86_64" } } }, { "category": "product_version", "name": "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", "product": { "name": "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", "product_id": "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.146-1.git.1.517a261.el7?arch=x86_64" } } }, { "category": "product_version", "name": "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", "product": { "name": "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", "product_id": "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus-alertmanager@3.11.146-1.git.1.1a30625.el7?arch=x86_64" } } }, { "category": "product_version", "name": "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", "product": { "name": "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", "product_id": "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus-node-exporter@3.11.146-1.git.1.51554ba.el7?arch=x86_64" } } }, { "category": "product_version", "name": "prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", "product": { "name": "prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", "product_id": "prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus@3.11.146-1.git.1.0e18774.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", "product": { "name": "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", "product_id": "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.146-1.git.1.de160cc.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", "product": { "name": "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", "product_id": "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.146-1.git.1.113bc35.el7?arch=x86_64" } } }, { "category": "product_version", "name": "ansible-service-broker-1:1.3.23-2.el7.x86_64", "product": { "name": "ansible-service-broker-1:1.3.23-2.el7.x86_64", "product_id": "ansible-service-broker-1:1.3.23-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible-service-broker@1.3.23-2.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "kibana-0:5.6.16-2.el7.x86_64", "product": { "name": "kibana-0:5.6.16-2.el7.x86_64", "product_id": "kibana-0:5.6.16-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kibana@5.6.16-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kibana-debuginfo-0:5.6.16-2.el7.x86_64", "product": { "name": "kibana-debuginfo-0:5.6.16-2.el7.x86_64", "product_id": "kibana-debuginfo-0:5.6.16-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kibana-debuginfo@5.6.16-2.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", "product": { "name": "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", "product_id": "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.146-1.git.1.3f0869b.el7?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", "product": { "name": "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", "product_id": "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift@3.11.146-1.git.0.4aab273.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", "product": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", "product_id": "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.146-1.git.1.3633245.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", "product": { "name": "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", "product_id": "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.146-1.git.1.fc7387e.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", "product": { "name": "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", "product_id": "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.146-1.git.1.fc1edc6.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", "product": { "name": "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", "product_id": "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.146-1.git.1.5278825.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", "product": { "name": "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", "product_id": "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.146-1.git.1.e0e89f7.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", "product": { "name": "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", "product_id": "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.146-1.git.1.723cb8d.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", "product": { "name": "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", "product_id": "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.146-1.git.1.75951b8.el7?arch=src" } } }, { "category": "product_version", "name": "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", "product": { "name": "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", "product_id": "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.146-1.git.1.517a261.el7?arch=src" } } }, { "category": "product_version", "name": "golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", "product": { "name": "golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", "product_id": "golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.146-1.git.1.1a30625.el7?arch=src" } } }, { "category": "product_version", "name": "golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", "product": { "name": "golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", "product_id": "golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.146-1.git.1.51554ba.el7?arch=src" } } }, { "category": "product_version", "name": "golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", "product": { "name": "golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", "product_id": "golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.146-1.git.1.0e18774.el7?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:3.11.1567698330-1.el7.src", "product": { "name": "jenkins-2-plugins-0:3.11.1567698330-1.el7.src", "product_id": "jenkins-2-plugins-0:3.11.1567698330-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@3.11.1567698330-1.el7?arch=src" } } }, { "category": "product_version", "name": "jenkins-0:2.176.3.1568230481-1.el7.src", "product": { "name": "jenkins-0:2.176.3.1568230481-1.el7.src", "product_id": "jenkins-0:2.176.3.1568230481-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.176.3.1568230481-1.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", "product": { "name": "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", "product_id": "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.146-1.git.1.de160cc.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", "product": { "name": "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", "product_id": "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.146-1.git.1.113bc35.el7?arch=src" } } }, { "category": "product_version", "name": "ansible-service-broker-1:1.3.23-2.el7.src", "product": { "name": "ansible-service-broker-1:1.3.23-2.el7.src", "product_id": "ansible-service-broker-1:1.3.23-2.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible-service-broker@1.3.23-2.el7?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "python-elasticsearch-1:5.4.0-2.el7.src", "product": { "name": "python-elasticsearch-1:5.4.0-2.el7.src", "product_id": "python-elasticsearch-1:5.4.0-2.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/python-elasticsearch@5.4.0-2.el7?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "kibana-0:5.6.16-2.el7.src", "product": { "name": "kibana-0:5.6.16-2.el7.src", "product_id": "kibana-0:5.6.16-2.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/kibana@5.6.16-2.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "product": { "name": "atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "product_id": "atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.11.146-1.git.0.4aab273.el7?arch=noarch" } } }, { "category": "product_version", "name": "atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "product": { "name": "atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "product_id": "atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.11.146-1.git.0.4aab273.el7?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", "product": { "name": "jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", "product_id": "jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@3.11.1567698330-1.el7?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-0:2.176.3.1568230481-1.el7.noarch", "product": { "name": "jenkins-0:2.176.3.1568230481-1.el7.noarch", "product_id": "jenkins-0:2.176.3.1568230481-1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.176.3.1568230481-1.el7?arch=noarch" } } }, { "category": "product_version", "name": "ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "product": { "name": "ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "product_id": "ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible-service-broker-container-scripts@1.3.23-2.el7?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "product": { "name": "ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "product_id": "ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible-service-broker-selinux@1.3.23-2.el7?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "automation-broker-apb-role-1:1.3.23-2.el7.noarch", "product": { "name": "automation-broker-apb-role-1:1.3.23-2.el7.noarch", "product_id": "automation-broker-apb-role-1:1.3.23-2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/automation-broker-apb-role@1.3.23-2.el7?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "python-elasticsearch-1:5.4.0-2.el7.noarch", "product": { "name": "python-elasticsearch-1:5.4.0-2.el7.noarch", "product_id": "python-elasticsearch-1:5.4.0-2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python-elasticsearch@5.4.0-2.el7?arch=noarch\u0026epoch=1" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ansible-service-broker-1:1.3.23-2.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le" }, "product_reference": "ansible-service-broker-1:1.3.23-2.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-service-broker-1:1.3.23-2.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src" }, "product_reference": "ansible-service-broker-1:1.3.23-2.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-service-broker-1:1.3.23-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64" }, "product_reference": "ansible-service-broker-1:1.3.23-2.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch" }, "product_reference": "ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-service-broker-selinux-1:1.3.23-2.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch" }, "product_reference": "ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le" }, "product_reference": "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src" }, "product_reference": "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64" }, "product_reference": "atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le" }, "product_reference": "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64" }, "product_reference": "atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le" }, "product_reference": "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src" }, "product_reference": "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64" }, "product_reference": "atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le" }, "product_reference": "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64" }, "product_reference": "atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64" }, "product_reference": "atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le" }, "product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src" }, "product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64" }, "product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le" }, "product_reference": "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src" }, "product_reference": "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64" }, "product_reference": "atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch" }, "product_reference": "atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le" }, "product_reference": "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src" }, "product_reference": "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64" }, "product_reference": "atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch" }, "product_reference": "atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le" }, "product_reference": "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64" }, "product_reference": "atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le" }, "product_reference": "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64" }, "product_reference": "atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le" }, "product_reference": "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64" }, "product_reference": "atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le" }, "product_reference": "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src" }, "product_reference": "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64" }, "product_reference": "atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le" }, "product_reference": "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64" }, "product_reference": "atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le" }, "product_reference": "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src" }, "product_reference": "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64" }, "product_reference": "atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le" }, "product_reference": "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64" }, "product_reference": "atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le" }, "product_reference": "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64" }, "product_reference": "atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le" }, "product_reference": "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src" }, "product_reference": "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64" }, "product_reference": "atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le" }, "product_reference": "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64" }, "product_reference": "atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le" }, "product_reference": "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64" }, "product_reference": "atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le" }, "product_reference": "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src" }, "product_reference": "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64" }, "product_reference": "atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "automation-broker-apb-role-1:1.3.23-2.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch" }, "product_reference": "automation-broker-apb-role-1:1.3.23-2.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le" }, "product_reference": "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src" }, "product_reference": "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64" }, "product_reference": "golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src" }, "product_reference": "golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src" }, "product_reference": "golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src" }, "product_reference": "golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.176.3.1568230481-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.noarch" }, "product_reference": "jenkins-0:2.176.3.1568230481-1.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.176.3.1568230481-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.src" }, "product_reference": "jenkins-0:2.176.3.1568230481-1.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch" }, "product_reference": "jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:3.11.1567698330-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.src" }, "product_reference": "jenkins-2-plugins-0:3.11.1567698330-1.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "kibana-0:5.6.16-2.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.ppc64le" }, "product_reference": "kibana-0:5.6.16-2.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "kibana-0:5.6.16-2.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.src" }, "product_reference": "kibana-0:5.6.16-2.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "kibana-0:5.6.16-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.x86_64" }, "product_reference": "kibana-0:5.6.16-2.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "kibana-debuginfo-0:5.6.16-2.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.ppc64le" }, "product_reference": "kibana-debuginfo-0:5.6.16-2.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "kibana-debuginfo-0:5.6.16-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.x86_64" }, "product_reference": "kibana-debuginfo-0:5.6.16-2.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le" }, "product_reference": "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src" }, "product_reference": "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64" }, "product_reference": "openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le" }, "product_reference": "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src" }, "product_reference": "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64" }, "product_reference": "openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le" }, "product_reference": "prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64" }, "product_reference": "prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le" }, "product_reference": "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64" }, "product_reference": "prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le" }, "product_reference": "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64" }, "product_reference": "prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "python-elasticsearch-1:5.4.0-2.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.noarch" }, "product_reference": "python-elasticsearch-1:5.4.0-2.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "python-elasticsearch-1:5.4.0-2.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.src" }, "product_reference": "python-elasticsearch-1:5.4.0-2.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the Kubernetes Product Security Committee" ] } ], "cve": "CVE-2019-11247", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2019-07-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.noarch", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1732192" } ], "notes": [ { "category": "description", "text": "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", "title": "Vulnerability description" }, { "category": "summary", "text": "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.noarch", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-11247" }, { "category": "external", "summary": "RHBZ#1732192", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732192" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11247", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11247" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11247" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", "url": "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc" } ], "release_date": "2019-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-09-24T12:31:29+00:00", "details": "Before applying this update, ensure all previously released errata\nrelevant to your system have been applied.\n\nFor OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for release 3.11.146, for important\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2019:2816" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced" }, { "cve": "CVE-2019-11249", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2019-08-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.noarch", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1737651" } ], "notes": [ { "category": "description", "text": "The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user\u2019s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user\u2019s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", "title": "Vulnerability description" }, { "category": "summary", "text": "kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.146-1.git.1.3f0869b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.146-1.git.1.3633245.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.146-1.git.1.fc7387e.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.146-1.git.1.fc1edc6.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.146-1.git.0.4aab273.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.146-1.git.1.5278825.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.146-1.git.1.e0e89f7.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.146-1.git.1.723cb8d.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.146-1.git.0.4aab273.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.146-1.git.1.75951b8.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.146-1.git.1.517a261.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.146-1.git.1.51554ba.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.146-1.git.1.0e18774.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.176.3.1568230481-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1567698330-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.16-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.146-1.git.1.de160cc.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.146-1.git.1.113bc35.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.146-1.git.1.0e18774.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.146-1.git.1.1a30625.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.146-1.git.1.51554ba.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.noarch", "7Server-RH7-RHOSE-3.11:python-elasticsearch-1:5.4.0-2.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-11249" }, { "category": "external", "summary": "RHBZ#1737651", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737651" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11249", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11249" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11249", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11249" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", "url": "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc" } ], "release_date": "2019-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-09-24T12:31:29+00:00", "details": "Before applying this update, ensure all previously released errata\nrelevant to your system have been applied.\n\nFor OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for release 3.11.146, for important\ninstructions on how to upgrade your cluster and fully apply this\nasynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2019:2816" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.ppc64le", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.src", "7Server-RH7-RHOSE-3.11:ansible-service-broker-1:1.3.23-2.el7.x86_64", "7Server-RH7-RHOSE-3.11:ansible-service-broker-container-scripts-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:ansible-service-broker-selinux-1:1.3.23-2.el7.noarch", "7Server-RH7-RHOSE-3.11:automation-broker-apb-role-1:1.3.23-2.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal" } ] }
rhsa-2019_2769
Vulnerability from csaf_redhat
Published
2019-10-24 21:31
Modified
2024-11-13 22:09
Summary
Red Hat Security Advisory: OpenShift Container Platform 3.9 security update
Notes
Topic
An security update is now available for Red Hat OpenShift Container Platform 3.9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains RPM packages for Red Hat OpenShift Container
Platform 3.9, which have been rebuilt with an updated version of golang.
Security Fix(es):
* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
* kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An security update is now available for Red Hat OpenShift Container Platform 3.9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains RPM packages for Red Hat OpenShift Container\nPlatform 3.9, which have been rebuilt with an updated version of golang.\n\nSecurity Fix(es):\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:2769", "url": "https://access.redhat.com/errata/RHSA-2019:2769" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1732192", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732192" }, { "category": "external", "summary": "1735645", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735645" }, { "category": "external", "summary": "1735744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735744" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2769.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 3.9 security update", "tracking": { "current_release_date": "2024-11-13T22:09:44+00:00", "generator": { "date": "2024-11-13T22:09:44+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2019:2769", "initial_release_date": "2019-10-24T21:31:32+00:00", "revision_history": [ { "date": "2019-10-24T21:31:32+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-10-24T21:31:32+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-13T22:09:44+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 3.9", "product": { "name": "Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:3.9::el7" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.9.16-3.git858756d.el7.x86_64", "product": { "name": "cri-o-0:1.9.16-3.git858756d.el7.x86_64", "product_id": "cri-o-0:1.9.16-3.git858756d.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.9.16-3.git858756d.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "product": { "name": "cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "product_id": "cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.9.16-3.git858756d.el7?arch=x86_64" } } }, { "category": "product_version", "name": "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "product": { "name": "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "product_id": "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@2.1-3.git885c9f40.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "product": { "name": "openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "product_id": "openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-external-storage-efs-provisioner@0.0.1-9.git78d6339.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "product": { "name": "openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "product_id": "openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-external-storage-local-provisioner@0.0.1-9.git78d6339.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "product": { "name": "openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "product_id": "openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-external-storage-snapshot-controller@0.0.1-9.git78d6339.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "product": { "name": "openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "product_id": "openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-external-storage-snapshot-provisioner@0.0.1-9.git78d6339.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "product": { "name": "openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "product_id": "openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-external-storage-debuginfo@0.0.1-9.git78d6339.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "product": { "name": "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "product_id": "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift@3.9.101-1.git.0.150f595.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "product": { "name": "atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "product_id": "atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.9.101-1.git.0.150f595.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "product": { "name": "atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "product_id": "atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.9.101-1.git.0.150f595.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "product": { "name": "atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "product_id": "atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-cluster-capacity@3.9.101-1.git.0.150f595.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "product": { "name": "atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "product_id": "atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-federation-services@3.9.101-1.git.0.150f595.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "product": { "name": "atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "product_id": "atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-master@3.9.101-1.git.0.150f595.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "product": { "name": "atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "product_id": "atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node@3.9.101-1.git.0.150f595.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "product": { "name": "atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "product_id": "atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.9.101-1.git.0.150f595.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "product": { "name": "atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "product_id": "atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.9.101-1.git.0.150f595.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "product": { "name": "atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "product_id": "atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-catalog@3.9.101-1.git.0.150f595.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "product": { "name": "atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "product_id": "atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.9.101-1.git.0.150f595.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "product": { "name": "atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "product_id": "atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.9.101-1.git.0.150f595.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "product": { "name": "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "product_id": "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.9.101-1.git.1.601c6d2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "product": { "name": "atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "product_id": "atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.9.101-1.git.1.13625cf.el7?arch=x86_64" } } }, { "category": "product_version", "name": "prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "product": { "name": "prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "product_id": "prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus-node-exporter@3.9.101-1.git.1.8295224.el7?arch=x86_64" } } }, { "category": "product_version", "name": "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "product": { "name": "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "product_id": "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-openshift-prometheus-alert-buffer@0-3.gitceca8c1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "ansible-service-broker-0:1.1.20-2.el7.x86_64", "product": { "name": "ansible-service-broker-0:1.1.20-2.el7.x86_64", "product_id": "ansible-service-broker-0:1.1.20-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible-service-broker@1.1.20-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "heapster-0:1.3.0-4.el7.x86_64", "product": { "name": "heapster-0:1.3.0-4.el7.x86_64", "product_id": "heapster-0:1.3.0-4.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/heapster@1.3.0-4.el7?arch=x86_64" } } }, { "category": "product_version", "name": "hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "product": { "name": "hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "product_id": "hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/hawkular-openshift-agent@1.2.2-3.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "product": { "name": "openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "product_id": "openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-eventrouter@0.1-3.git5bd9251.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "product": { "name": "openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "product_id": "openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-eventrouter-debuginfo@0.1-3.git5bd9251.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "product": { "name": "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "product_id": "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-tools@1.0.0-6.rhaos3.9.git8e6013a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "product": { "name": "cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "product_id": "cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.0.0-6.rhaos3.9.git8e6013a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "containernetworking-plugins-0:0.5.2-6.el7.x86_64", "product": { "name": "containernetworking-plugins-0:0.5.2-6.el7.x86_64", "product_id": "containernetworking-plugins-0:0.5.2-6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/containernetworking-plugins@0.5.2-6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "product": { "name": "containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "product_id": "containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@0.5.2-6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "product": { "name": "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "product_id": "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-prometheus-promu@0-5.git85ceabc.el7?arch=x86_64" } } }, { "category": "product_version", "name": "prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "product": { "name": "prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "product_id": "prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus-promu@0-5.git85ceabc.el7?arch=x86_64" } } }, { "category": "product_version", "name": "image-inspector-0:2.1.3-2.el7.x86_64", "product": { "name": "image-inspector-0:2.1.3-2.el7.x86_64", "product_id": "image-inspector-0:2.1.3-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/image-inspector@2.1.3-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "product": { "name": "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "product_id": "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch-ovn-kubernetes@0.1.0-3.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "product": { "name": "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "product_id": "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-image-registry@3.8.0-2.git.216.b6b90bb.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "product": { "name": "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "product_id": "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.9.13-2.git.267.bb59a3f.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "product": { "name": "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "product_id": "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.9.13-2.git.167.5d6b0d4.el7?arch=x86_64" } } }, { "category": "product_version", "name": "prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "product": { "name": "prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "product_id": "prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus-alertmanager@0.14.0-2.git30af4d0.el7?arch=x86_64" } } }, { "category": "product_version", "name": "prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "product": { "name": "prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "product_id": "prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus@2.2.1-2.gitbc6058c.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "product": { "name": "cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "product_id": "cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cockpit-kubernetes@195-2.rhaos.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "product": { "name": "cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "product_id": "cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cockpit-debuginfo@195-2.rhaos.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.9.16-3.git858756d.el7.src", "product": { "name": "cri-o-0:1.9.16-3.git858756d.el7.src", "product_id": "cri-o-0:1.9.16-3.git858756d.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.9.16-3.git858756d.el7?arch=src" } } }, { "category": "product_version", "name": "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "product": { "name": "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "product_id": "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@2.1-3.git885c9f40.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "product": { "name": "openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "product_id": "openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-external-storage@0.0.1-9.git78d6339.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "product": { "name": "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "product_id": "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift@3.9.101-1.git.0.150f595.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "product": { "name": "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "product_id": "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.9.101-1.git.1.601c6d2.el7?arch=src" } } }, { "category": "product_version", "name": "golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "product": { "name": "golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "product_id": "golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.9.101-1.git.1.8295224.el7?arch=src" } } }, { "category": "product_version", "name": "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "product": { "name": "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "product_id": "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-openshift-prometheus-alert-buffer@0-3.gitceca8c1.el7?arch=src" } } }, { "category": "product_version", "name": "ansible-service-broker-0:1.1.20-2.el7.src", "product": { "name": "ansible-service-broker-0:1.1.20-2.el7.src", "product_id": "ansible-service-broker-0:1.1.20-2.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible-service-broker@1.1.20-2.el7?arch=src" } } }, { "category": "product_version", "name": "heapster-0:1.3.0-4.el7.src", "product": { "name": "heapster-0:1.3.0-4.el7.src", "product_id": "heapster-0:1.3.0-4.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/heapster@1.3.0-4.el7?arch=src" } } }, { "category": "product_version", "name": "hawkular-openshift-agent-0:1.2.2-3.el7.src", "product": { "name": "hawkular-openshift-agent-0:1.2.2-3.el7.src", "product_id": "hawkular-openshift-agent-0:1.2.2-3.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hawkular-openshift-agent@1.2.2-3.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "product": { "name": "openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "product_id": "openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-eventrouter@0.1-3.git5bd9251.el7?arch=src" } } }, { "category": "product_version", "name": "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "product": { "name": "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "product_id": "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-tools@1.0.0-6.rhaos3.9.git8e6013a.el7?arch=src" } } }, { "category": "product_version", "name": "containernetworking-plugins-0:0.5.2-6.el7.src", "product": { "name": "containernetworking-plugins-0:0.5.2-6.el7.src", "product_id": "containernetworking-plugins-0:0.5.2-6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/containernetworking-plugins@0.5.2-6.el7?arch=src" } } }, { "category": "product_version", "name": "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "product": { "name": "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "product_id": "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-prometheus-promu@0-5.git85ceabc.el7?arch=src" } } }, { "category": "product_version", "name": "image-inspector-0:2.1.3-2.el7.src", "product": { "name": "image-inspector-0:2.1.3-2.el7.src", "product_id": "image-inspector-0:2.1.3-2.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/image-inspector@2.1.3-2.el7?arch=src" } } }, { "category": "product_version", "name": "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "product": { "name": "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "product_id": "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openvswitch-ovn-kubernetes@0.1.0-3.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "product": { "name": "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "product_id": "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-image-registry@3.8.0-2.git.216.b6b90bb.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "product": { "name": "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "product_id": "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.9.13-2.git.267.bb59a3f.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "product": { "name": "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "product_id": "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.9.13-2.git.167.5d6b0d4.el7?arch=src" } } }, { "category": "product_version", "name": "golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "product": { "name": "golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "product_id": "golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-prometheus-alertmanager@0.14.0-2.git30af4d0.el7?arch=src" } } }, { "category": "product_version", "name": "golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "product": { "name": "golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "product_id": "golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-prometheus-prometheus@2.2.1-2.gitbc6058c.el7?arch=src" } } }, { "category": "product_version", "name": "cockpit-0:195-2.rhaos.el7.src", "product": { "name": "cockpit-0:195-2.rhaos.el7.src", "product_id": "cockpit-0:195-2.rhaos.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cockpit@195-2.rhaos.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "product": { "name": "atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "product_id": "atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.9.101-1.git.0.150f595.el7?arch=noarch" } } }, { "category": "product_version", "name": "atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "product": { "name": "atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "product_id": "atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.9.101-1.git.0.150f595.el7?arch=noarch" } } }, { "category": "product_version", "name": "ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "product": { "name": "ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "product_id": "ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible-service-broker-container-scripts@1.1.20-2.el7?arch=noarch" } } }, { "category": "product_version", "name": "ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "product": { "name": "ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "product_id": "ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ansible-service-broker-selinux@1.1.20-2.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ansible-service-broker-0:1.1.20-2.el7.src as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src" }, "product_reference": "ansible-service-broker-0:1.1.20-2.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-service-broker-0:1.1.20-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64" }, "product_reference": "ansible-service-broker-0:1.1.20-2.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch" }, "product_reference": "ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "ansible-service-broker-selinux-0:1.1.20-2.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch" }, "product_reference": "ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src" }, "product_reference": "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64" }, "product_reference": "atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64" }, "product_reference": "atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64" }, "product_reference": "atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64" }, "product_reference": "atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src" }, "product_reference": "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64" }, "product_reference": "atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch" }, "product_reference": "atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64" }, "product_reference": "atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch" }, "product_reference": "atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64" }, "product_reference": "atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64" }, "product_reference": "atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64" }, "product_reference": "atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src" }, "product_reference": "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64" }, "product_reference": "atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64" }, "product_reference": "atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64" }, "product_reference": "atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64" }, "product_reference": "atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64" }, "product_reference": "atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64" }, "product_reference": "atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src" }, "product_reference": "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64" }, "product_reference": "atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "cockpit-0:195-2.rhaos.el7.src as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src" }, "product_reference": "cockpit-0:195-2.rhaos.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "cockpit-debuginfo-0:195-2.rhaos.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64" }, "product_reference": "cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "cockpit-kubernetes-0:195-2.rhaos.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64" }, "product_reference": "cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "containernetworking-plugins-0:0.5.2-6.el7.src as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src" }, "product_reference": "containernetworking-plugins-0:0.5.2-6.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "containernetworking-plugins-0:0.5.2-6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64" }, "product_reference": "containernetworking-plugins-0:0.5.2-6.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64" }, "product_reference": "containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.9.16-3.git858756d.el7.src as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src" }, "product_reference": "cri-o-0:1.9.16-3.git858756d.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.9.16-3.git858756d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64" }, "product_reference": "cri-o-0:1.9.16-3.git858756d.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src" }, "product_reference": "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64" }, "product_reference": "cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64" }, "product_reference": "cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src" }, "product_reference": "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64" }, "product_reference": "golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src" }, "product_reference": "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64" }, "product_reference": "golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src" }, "product_reference": "golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src" }, "product_reference": "golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src" }, "product_reference": "golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src" }, "product_reference": "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64" }, "product_reference": "golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "hawkular-openshift-agent-0:1.2.2-3.el7.src as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src" }, "product_reference": "hawkular-openshift-agent-0:1.2.2-3.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "hawkular-openshift-agent-0:1.2.2-3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64" }, "product_reference": "hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "heapster-0:1.3.0-4.el7.src as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src" }, "product_reference": "heapster-0:1.3.0-4.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "heapster-0:1.3.0-4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64" }, "product_reference": "heapster-0:1.3.0-4.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "image-inspector-0:2.1.3-2.el7.src as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src" }, "product_reference": "image-inspector-0:2.1.3-2.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "image-inspector-0:2.1.3-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64" }, "product_reference": "image-inspector-0:2.1.3-2.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src" }, "product_reference": "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64" }, "product_reference": "openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-eventrouter-0:0.1-3.git5bd9251.el7.src as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src" }, "product_reference": "openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64" }, "product_reference": "openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64" }, "product_reference": "openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-external-storage-0:0.0.1-9.git78d6339.el7.src as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src" }, "product_reference": "openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64" }, "product_reference": "openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64" }, "product_reference": "openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64" }, "product_reference": "openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64" }, "product_reference": "openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64" }, "product_reference": "openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src" }, "product_reference": "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64" }, "product_reference": "openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64" }, "product_reference": "prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64" }, "product_reference": "prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64" }, "product_reference": "prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-promu-0:0-5.git85ceabc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.9", "product_id": "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64" }, "product_reference": "prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.9" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the Envoy security team" ] } ], "cve": "CVE-2019-9512", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1735645" } ], "notes": [ { "category": "description", "text": "A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: flood using PING frames results in unbounded memory growth", "title": "Vulnerability summary" }, { "category": "other", "text": "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9512" }, { "category": "external", "summary": "RHBZ#1735645", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735645" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9512", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9512" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512" }, { "category": "external", "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", "url": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", "url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" }, { "category": "external", "summary": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", "url": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html" } ], "release_date": "2019-08-13T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-10-24T21:31:32+00:00", "details": "For OpenShift Container Platform 3.9 see the following documentation, which\nwill be updated shortly for release 3.9.100, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html", "product_ids": [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2769" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "HTTP/2: flood using PING frames results in unbounded memory growth" }, { "acknowledgments": [ { "names": [ "the Envoy security team" ] } ], "cve": "CVE-2019-9514", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1735744" } ], "notes": [ { "category": "description", "text": "A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: flood using HEADERS frames results in unbounded memory growth", "title": "Vulnerability summary" }, { "category": "other", "text": "The golang package in Red Hat OpenStack Platform 9 Operational Tools will not be updated for this flaw because it is in technical preview and is retiring as of 24.Aug.2019.\nThis issue did not affect the versions of grafana(embeds golang) as shipped with Red Hat Ceph Storage 2 and Red Hat Gluster Storage 3 as they did not include the support for HTTP/2.\nThe following storage product versions are affected because they include the support for HTTP/2 in:\n* golang as shipped with Red Hat Gluster Storage 3, Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3\n* heketi(embeds golang) as shipped with Red Hat Gluster Storage 3\n* grafana(embeds golang and grpc) as shipped with Red Hat Ceph Storage 3\nThis flaw has no available mitigation for packages golang and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.\n\nAll OpenShift Container Platform RPMs and container images that are built with Go and support HTTP/2 are vulnerable to this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9514" }, { "category": "external", "summary": "RHBZ#1735744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735744" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9514", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9514" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514" }, { "category": "external", "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg", "url": "https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA", "url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" }, { "category": "external", "summary": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html", "url": "https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html" } ], "release_date": "2019-08-13T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-10-24T21:31:32+00:00", "details": "For OpenShift Container Platform 3.9 see the following documentation, which\nwill be updated shortly for release 3.9.100, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html", "product_ids": [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2769" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "HTTP/2: flood using HEADERS frames results in unbounded memory growth" }, { "acknowledgments": [ { "names": [ "the Kubernetes Product Security Committee" ] } ], "cve": "CVE-2019-11247", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2019-07-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1732192" } ], "notes": [ { "category": "description", "text": "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", "title": "Vulnerability description" }, { "category": "summary", "text": "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-11247" }, { "category": "external", "summary": "RHBZ#1732192", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732192" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11247", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11247" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11247" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", "url": "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc" } ], "release_date": "2019-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-10-24T21:31:32+00:00", "details": "For OpenShift Container Platform 3.9 see the following documentation, which\nwill be updated shortly for release 3.9.100, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_release_notes.html", "product_ids": [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2769" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.src", "7Server-RH7-RHOSE-3.9:ansible-service-broker-0:1.1.20-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:ansible-service-broker-container-scripts-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:ansible-service-broker-selinux-0:1.1.20-2.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-clients-redistributable-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-cluster-capacity-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-docker-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-excluder-0:3.9.101-1.git.0.150f595.el7.noarch", "7Server-RH7-RHOSE-3.9:atomic-openshift-federation-services-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-master-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-pod-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-sdn-ovs-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-service-catalog-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-template-service-broker-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-tests-0:3.9.101-1.git.0.150f595.el7.x86_64", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.src", "7Server-RH7-RHOSE-3.9:atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-0:195-2.rhaos.el7.src", "7Server-RH7-RHOSE-3.9:cockpit-debuginfo-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:cockpit-kubernetes-0:195-2.rhaos.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.src", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:containernetworking-plugins-debuginfo-0:0.5.2-6.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.src", "7Server-RH7-RHOSE-3.9:cri-o-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-o-debuginfo-0:1.9.16-3.git858756d.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.src", "7Server-RH7-RHOSE-3.9:cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:cri-tools-debuginfo-0:1.0.0-6.rhaos3.9.git8e6013a.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7.x86_64", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.src", "7Server-RH7-RHOSE-3.9:golang-github-prometheus-promu-0:0-5.git85ceabc.el7.x86_64", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.src", "7Server-RH7-RHOSE-3.9:hawkular-openshift-agent-0:1.2.2-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.src", "7Server-RH7-RHOSE-3.9:heapster-0:1.3.0-4.el7.x86_64", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.src", "7Server-RH7-RHOSE-3.9:image-inspector-0:2.1.3-2.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.src", "7Server-RH7-RHOSE-3.9:openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.src", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-eventrouter-debuginfo-0:0.1-3.git5bd9251.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-0:0.0.1-9.git78d6339.el7.src", "7Server-RH7-RHOSE-3.9:openshift-external-storage-debuginfo-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-efs-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-local-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-controller-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openshift-external-storage-snapshot-provisioner-0:0.0.1-9.git78d6339.el7.x86_64", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.src", "7Server-RH7-RHOSE-3.9:openvswitch-ovn-kubernetes-0:0.1.0-3.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-0:2.2.1-2.gitbc6058c.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-node-exporter-0:3.9.101-1.git.1.8295224.el7.x86_64", "7Server-RH7-RHOSE-3.9:prometheus-promu-0:0-5.git85ceabc.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced" } ] }
rhsa-2019_2504
Vulnerability from csaf_redhat
Published
2019-08-15 13:28
Modified
2024-11-05 21:21
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.1.11 openshift security update
Notes
Topic
An update for openshift is now available for Red Hat OpenShift Container Platform 4.1.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for openshift is now available for Red Hat OpenShift Container Platform 4.1.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced (CVE-2019-11247)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:2504", "url": "https://access.redhat.com/errata/RHSA-2019:2504" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1732192", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732192" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2504.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.1.11 openshift security update", "tracking": { "current_release_date": "2024-11-05T21:21:00+00:00", "generator": { "date": "2024-11-05T21:21:00+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2019:2504", "initial_release_date": "2019-08-15T13:28:09+00:00", "revision_history": [ { "date": "2019-08-15T13:28:09+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-08-15T13:28:09+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T21:21:00+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.1", "product": { "name": "Red Hat OpenShift Container Platform 4.1", "product_id": "7Server-RH7-RHOSE-4.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.1::el7" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.1", "product": { "name": "Red Hat OpenShift Container Platform 4.1", "product_id": "8Base-RHOSE-4.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.1::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", "product": { "name": "openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", "product_id": "openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.1.10-201908060758.git.0.d81afa6.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", "product": { "name": "openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", "product_id": "openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.1.10-201908060758.git.0.d81afa6.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "product": { "name": "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "product_id": "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.1.10-201908060758.git.0.d81afa6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "product": { "name": "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "product_id": "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.1.10-201908060758.git.0.d81afa6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "product": { "name": "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "product_id": "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.1.10-201908060758.git.0.d81afa6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "product": { "name": "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "product_id": "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.1.10-201908060758.git.0.d81afa6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "product": { "name": "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "product_id": "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.1.10-201908060758.git.0.d81afa6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "product": { "name": "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "product_id": "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.1.10-201908060758.git.0.d81afa6.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src as a component of Red Hat OpenShift Container Platform 4.1", "product_id": "7Server-RH7-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src" }, "product_reference": "openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.1", "product_id": "7Server-RH7-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64" }, "product_reference": "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.1", "product_id": "7Server-RH7-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64" }, "product_reference": "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.1", "product_id": "7Server-RH7-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64" }, "product_reference": "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src as a component of Red Hat OpenShift Container Platform 4.1", "product_id": "8Base-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src" }, "product_reference": "openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.1", "product_id": "8Base-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64" }, "product_reference": "openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.1", "product_id": "8Base-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64" }, "product_reference": "openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.1", "product_id": "8Base-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64" }, "product_reference": "openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.1" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the Kubernetes Product Security Committee" ] } ], "cve": "CVE-2019-11247", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2019-07-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1732192" } ], "notes": [ { "category": "description", "text": "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", "title": "Vulnerability description" }, { "category": "summary", "text": "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", "7Server-RH7-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "7Server-RH7-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "7Server-RH7-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "8Base-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", "8Base-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "8Base-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "8Base-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-11247" }, { "category": "external", "summary": "RHBZ#1732192", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732192" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11247", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11247" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11247", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11247" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc", "url": "https://groups.google.com/forum/#!topic/kubernetes-security-discuss/Vf31dXp0EJc" } ], "release_date": "2019-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-08-15T13:28:09+00:00", "details": "For OpenShift Container Platform 4.1 see the following documentation, which\nwill be updated shortly for release 4.1.11, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-release-notes.html", "product_ids": [ "7Server-RH7-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", "7Server-RH7-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "7Server-RH7-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "7Server-RH7-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "8Base-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", "8Base-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "8Base-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "8Base-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2504" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "7Server-RH7-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el7.src", "7Server-RH7-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "7Server-RH7-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "7Server-RH7-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el7.x86_64", "8Base-RHOSE-4.1:openshift-0:4.1.10-201908060758.git.0.d81afa6.el8.src", "8Base-RHOSE-4.1:openshift-clients-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "8Base-RHOSE-4.1:openshift-clients-redistributable-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64", "8Base-RHOSE-4.1:openshift-hyperkube-0:4.1.10-201908060758.git.0.d81afa6.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced" } ] }
ghsa-fp37-c92q-4pwq
Vulnerability from github
Published
2022-05-24 16:55
Modified
2023-09-25 19:56
Severity ?
Summary
Kubernetes kube-apiserver unauthorized access
Details
The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.
{ "affected": [ { "package": { "ecosystem": "Go", "name": "k8s.io/apiextensions-apiserver" }, "ranges": [ { "events": [ { "introduced": "0.7.0" }, { "fixed": "0.13.9" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Go", "name": "k8s.io/apiextensions-apiserver" }, "ranges": [ { "events": [ { "introduced": "0.14.0" }, { "fixed": "0.14.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Go", "name": "k8s.io/apiextensions-apiserver" }, "ranges": [ { "events": [ { "introduced": "0.15.0" }, { "fixed": "0.15.2" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2019-11247" ], "database_specific": { "cwe_ids": [ "CWE-863" ], "github_reviewed": true, "github_reviewed_at": "2023-07-17T23:39:36Z", "nvd_published_at": "2019-08-29T01:15:00Z", "severity": "HIGH" }, "details": "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.", "id": "GHSA-fp37-c92q-4pwq", "modified": "2023-09-25T19:56:20Z", "published": "2022-05-24T16:55:06Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11247" }, { "type": "WEB", "url": "https://github.com/kubernetes/kubernetes/issues/80983" }, { "type": "WEB", "url": "https://github.com/kubernetes/kubernetes/pull/80750" }, { "type": "WEB", "url": "https://github.com/kubernetes/kubernetes/pull/80850" }, { "type": "WEB", "url": "https://github.com/kubernetes/kubernetes/pull/80851" }, { "type": "WEB", "url": "https://github.com/kubernetes/kubernetes/pull/80852" }, { "type": "WEB", "url": "https://github.com/kubernetes/apiextensions-apiserver/commit/b9b7d2b3f32f8edbeb47b8726710eeb868bce196" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHBA-2019:2816" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHBA-2019:2824" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:2690" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:2769" }, { "type": "PACKAGE", "url": "https://github.com/kubernetes/apiextensions-apiserver" }, { "type": "WEB", "url": "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20190919-0003" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "type": "CVSS_V3" } ], "summary": "Kubernetes kube-apiserver unauthorized access" }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.