Action not permitted
Modal body text goes here.
cve-2020-2255
Vulnerability from cvelistv5
Published
2020-09-16 13:20
Modified
2024-08-04 07:01
Severity ?
EPSS score ?
Summary
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Jenkins project | Jenkins Blue Ocean Plugin |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:01:41.230Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1961" }, { "name": "[oss-security] 20200916 Multiple vulnerabilities in Jenkins plugins", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/09/16/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Jenkins Blue Ocean Plugin", "vendor": "Jenkins project", "versions": [ { "lessThanOrEqual": "1.23.2", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "status": "unaffected", "version": "1.19.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL." } ], "providerMetadata": { "dateUpdated": "2023-10-24T16:07:57.668Z", "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1961" }, { "name": "[oss-security] 20200916 Multiple vulnerabilities in Jenkins plugins", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2020/09/16/3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "jenkinsci-cert@googlegroups.com", "ID": "CVE-2020-2255", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Jenkins Blue Ocean Plugin", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "1.23.2" }, { "version_affected": "!", "version_value": "1.19.2" } ] } } ] }, "vendor_name": "Jenkins project" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-862: Missing Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1961", "refsource": "CONFIRM", "url": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1961" }, { "name": "[oss-security] 20200916 Multiple vulnerabilities in Jenkins plugins", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/09/16/3" } ] } } } }, "cveMetadata": { "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "assignerShortName": "jenkins", "cveId": "CVE-2020-2255", "datePublished": "2020-09-16T13:20:40", "dateReserved": "2019-12-05T00:00:00", "dateUpdated": "2024-08-04T07:01:41.230Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-2255\",\"sourceIdentifier\":\"jenkinsci-cert@googlegroups.com\",\"published\":\"2020-09-16T14:15:13.237\",\"lastModified\":\"2023-10-25T18:16:39.430\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.\"},{\"lang\":\"es\",\"value\":\"Una falta de comprobaci\u00f3n de permisos en Jenkins Blue Ocean Plugin versiones 1.23.2 y anteriores, permite a atacantes con permiso Overall/Read conectarse a una URL especificada por el atacante\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*\",\"versionEndIncluding\":\"1.23.2\",\"matchCriteriaId\":\"B3432A51-DB0A-4834-BCBF-FD069730BFE4\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2020/09/16/3\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1961\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
rhsa-2020_5102
Vulnerability from csaf_redhat
Published
2020-11-17 04:40
Modified
2024-11-05 23:00
Summary
Red Hat Security Advisory: OpenShift Container Platform 3.11.318 jenkins-2-plugins security update
Notes
Topic
An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 3.11.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* jenkins-2-plugins/mailer: Missing hostname validation in Mailer Plugin could result in MITM (CVE-2020-2252)
* jenkins-2-plugins/blueocean: Path traversal vulnerability in Blue Ocean Plugin could allow to read arbitrary files (CVE-2020-2254)
* jenkins-2-plugins/blueocean: Blue Ocean Plugin does not perform permission checks in several HTTP endpoints implementing connection tests (CVE-2020-2255)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 3.11.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* jenkins-2-plugins/mailer: Missing hostname validation in Mailer Plugin could result in MITM (CVE-2020-2252)\n\n* jenkins-2-plugins/blueocean: Path traversal vulnerability in Blue Ocean Plugin could allow to read arbitrary files (CVE-2020-2254)\n\n* jenkins-2-plugins/blueocean: Blue Ocean Plugin does not perform permission checks in several HTTP endpoints implementing connection tests (CVE-2020-2255)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:5102", "url": "https://access.redhat.com/errata/RHSA-2020:5102" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1880454", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880454" }, { "category": "external", "summary": "1880456", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880456" }, { "category": "external", "summary": "1880460", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880460" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5102.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 3.11.318 jenkins-2-plugins security update", "tracking": { "current_release_date": "2024-11-05T23:00:19+00:00", "generator": { "date": "2024-11-05T23:00:19+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2020:5102", "initial_release_date": "2020-11-17T04:40:41+00:00", "revision_history": [ { "date": "2020-11-17T04:40:41+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-11-17T04:40:41+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T23:00:19+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 3.11", "product": { "name": "Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:3.11::el7" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "jenkins-2-plugins-0:3.11.1603460090-1.el7.noarch", "product": { "name": "jenkins-2-plugins-0:3.11.1603460090-1.el7.noarch", "product_id": "jenkins-2-plugins-0:3.11.1603460090-1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@3.11.1603460090-1.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "jenkins-2-plugins-0:3.11.1603460090-1.el7.src", "product": { "name": "jenkins-2-plugins-0:3.11.1603460090-1.el7.src", "product_id": "jenkins-2-plugins-0:3.11.1603460090-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@3.11.1603460090-1.el7?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:3.11.1603460090-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1603460090-1.el7.noarch" }, "product_reference": "jenkins-2-plugins-0:3.11.1603460090-1.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:3.11.1603460090-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1603460090-1.el7.src" }, "product_reference": "jenkins-2-plugins-0:3.11.1603460090-1.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-2252", "cwe": { "id": "CWE-297", "name": "Improper Validation of Certificate with Host Mismatch" }, "discovery_date": "2020-09-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1880454" } ], "notes": [ { "category": "description", "text": "Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/mailer: Missing hostname validation in Mailer Plugin could result in MITM", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1603460090-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1603460090-1.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-2252" }, { "category": "external", "summary": "RHBZ#1880454", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880454" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2252", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2252" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2252", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2252" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1813", "url": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1813" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2020/09/16/3", "url": "https://www.openwall.com/lists/oss-security/2020/09/16/3" } ], "release_date": "2020-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-17T04:40:41+00:00", "details": "See the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1603460090-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1603460090-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5102" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1603460090-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1603460090-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/mailer: Missing hostname validation in Mailer Plugin could result in MITM" }, { "cve": "CVE-2020-2254", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2020-09-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1880456" } ], "notes": [ { "category": "description", "text": "Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/blueocean: Path traversal vulnerability in Blue Ocean Plugin could allow to read arbitrary files", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1603460090-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1603460090-1.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-2254" }, { "category": "external", "summary": "RHBZ#1880456", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880456" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2254", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2254" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2254", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2254" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2020/09/16/3", "url": "http://www.openwall.com/lists/oss-security/2020/09/16/3" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1956", "url": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1956" } ], "release_date": "2020-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-17T04:40:41+00:00", "details": "See the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1603460090-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1603460090-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5102" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1603460090-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1603460090-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/blueocean: Path traversal vulnerability in Blue Ocean Plugin could allow to read arbitrary files" }, { "cve": "CVE-2020-2255", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "discovery_date": "2020-09-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1880460" } ], "notes": [ { "category": "description", "text": "A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/blueocean: Blue Ocean Plugin does not perform permission checks in several HTTP endpoints implementing connection tests.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1603460090-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1603460090-1.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-2255" }, { "category": "external", "summary": "RHBZ#1880460", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880460" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2255", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2255" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2255", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2255" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1961", "url": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1961" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2020/09/16/3", "url": "https://www.openwall.com/lists/oss-security/2020/09/16/3" } ], "release_date": "2020-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-11-17T04:40:41+00:00", "details": "See the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1603460090-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1603460090-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:5102" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1603460090-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1603460090-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/blueocean: Blue Ocean Plugin does not perform permission checks in several HTTP endpoints implementing connection tests." } ] }
rhsa-2020_4297
Vulnerability from csaf_redhat
Published
2020-10-27 14:53
Modified
2024-11-05 22:52
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.6.1 package security update
Notes
Topic
An update for jenkins-2-plugins, openshift-clients, podman, runc, and skopeo is now available for Red Hat OpenShift Container Platform 4.6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.
Security Fix(es):
* jenkins-jira-plugin: plugin information disclosure (CVE-2019-16541)
* jenkins-2-plugins/mailer: Missing hostname validation in Mailer Plugin could result in MITM (CVE-2020-2252)
* jenkins-2-plugins/blueocean: Path traversal vulnerability in Blue Ocean Plugin could allow to read arbitrary files (CVE-2020-2254)
* jenkins-2-plugins/blueocean: Blue Ocean Plugin does not perform permission checks in several HTTP endpoints implementing connection tests. (CVE-2020-2255)
* kubernetes: Docker config secrets leaked when file is malformed and loglevel >= 4 (CVE-2020-8564)
* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
* podman: environment variables leak between containers when started via Varlink or Docker-compatible REST API (CVE-2020-14370)
* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for jenkins-2-plugins, openshift-clients, podman, runc, and skopeo is now available for Red Hat OpenShift Container Platform 4.6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.\n\nThe runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.\n\nThe skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. \n\nSecurity Fix(es):\n\n* jenkins-jira-plugin: plugin information disclosure (CVE-2019-16541)\n\n* jenkins-2-plugins/mailer: Missing hostname validation in Mailer Plugin could result in MITM (CVE-2020-2252)\n\n* jenkins-2-plugins/blueocean: Path traversal vulnerability in Blue Ocean Plugin could allow to read arbitrary files (CVE-2020-2254)\n\n* jenkins-2-plugins/blueocean: Blue Ocean Plugin does not perform permission checks in several HTTP endpoints implementing connection tests. (CVE-2020-2255)\n\n* kubernetes: Docker config secrets leaked when file is malformed and loglevel \u003e= 4 (CVE-2020-8564)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* podman: environment variables leak between containers when started via Varlink or Docker-compatible REST API (CVE-2020-14370)\n\n* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:4297", "url": "https://access.redhat.com/errata/RHSA-2020:4297" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1819663", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819663" }, { "category": "external", "summary": "1853652", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652" }, { "category": "external", "summary": "1867099", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1867099" }, { "category": "external", "summary": "1874268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1874268" }, { "category": "external", "summary": "1880454", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880454" }, { "category": "external", "summary": "1880456", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880456" }, { "category": "external", "summary": "1880460", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880460" }, { "category": "external", "summary": "1886637", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886637" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4297.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.6.1 package security update", "tracking": { "current_release_date": "2024-11-05T22:52:12+00:00", "generator": { "date": "2024-11-05T22:52:12+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2020:4297", "initial_release_date": "2020-10-27T14:53:57+00:00", "revision_history": [ { "date": "2020-10-27T14:53:57+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-10-27T14:53:57+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T22:52:12+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.6", "product": { "name": "Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.6::el8" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.6", "product": { "name": "Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.6::el7" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "podman-0:1.9.3-3.rhaos4.6.el8.s390x", "product": { "name": "podman-0:1.9.3-3.rhaos4.6.el8.s390x", "product_id": "podman-0:1.9.3-3.rhaos4.6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/podman@1.9.3-3.rhaos4.6.el8?arch=s390x" } } }, { "category": "product_version", "name": "podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "product": { "name": "podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "product_id": "podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/podman-remote@1.9.3-3.rhaos4.6.el8?arch=s390x" } } }, { "category": "product_version", "name": "podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "product": { "name": "podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "product_id": "podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/podman-tests@1.9.3-3.rhaos4.6.el8?arch=s390x" } } }, { "category": "product_version", "name": "podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "product": { "name": "podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "product_id": "podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/podman-debugsource@1.9.3-3.rhaos4.6.el8?arch=s390x" } } }, { "category": "product_version", "name": "podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "product": { "name": "podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "product_id": "podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/podman-debuginfo@1.9.3-3.rhaos4.6.el8?arch=s390x" } } }, { "category": "product_version", "name": "podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "product": { "name": "podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "product_id": "podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/podman-remote-debuginfo@1.9.3-3.rhaos4.6.el8?arch=s390x" } } }, { "category": "product_version", "name": "containers-common-1:1.1.1-2.rhaos4.6.el8.s390x", "product": { "name": "containers-common-1:1.1.1-2.rhaos4.6.el8.s390x", "product_id": "containers-common-1:1.1.1-2.rhaos4.6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/containers-common@1.1.1-2.rhaos4.6.el8?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "skopeo-1:1.1.1-2.rhaos4.6.el8.s390x", "product": { "name": "skopeo-1:1.1.1-2.rhaos4.6.el8.s390x", "product_id": "skopeo-1:1.1.1-2.rhaos4.6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/skopeo@1.1.1-2.rhaos4.6.el8?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x", "product": { "name": "skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x", "product_id": "skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/skopeo-tests@1.1.1-2.rhaos4.6.el8?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x", "product": { "name": "skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x", "product_id": "skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/skopeo-debugsource@1.1.1-2.rhaos4.6.el8?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x", "product": { "name": "skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x", "product_id": "skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/skopeo-debuginfo@1.1.1-2.rhaos4.6.el8?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "product": { "name": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "product_id": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc@1.0.0-81.rhaos4.6.git5b757d4.el8?arch=s390x" } } }, { "category": "product_version", "name": "runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "product": { "name": "runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "product_id": "runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debugsource@1.0.0-81.rhaos4.6.git5b757d4.el8?arch=s390x" } } }, { "category": "product_version", "name": "runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "product": { "name": "runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "product_id": "runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-81.rhaos4.6.git5b757d4.el8?arch=s390x" } } }, { "category": "product_version", "name": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "product": { "name": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "product_id": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.6.0-202010081244.p0.git.3794.4743d24.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "product": { "name": "podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "product_id": "podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/podman@1.9.3-3.rhaos4.6.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "product": { "name": "podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "product_id": "podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/podman-remote@1.9.3-3.rhaos4.6.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "product": { "name": "podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "product_id": "podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/podman-tests@1.9.3-3.rhaos4.6.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "product": { "name": "podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "product_id": "podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/podman-debugsource@1.9.3-3.rhaos4.6.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "product": { "name": "podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "product_id": "podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/podman-debuginfo@1.9.3-3.rhaos4.6.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "product": { "name": "podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "product_id": "podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/podman-remote-debuginfo@1.9.3-3.rhaos4.6.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le", "product": { "name": "containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le", "product_id": "containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/containers-common@1.1.1-2.rhaos4.6.el8?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "product": { "name": "skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "product_id": "skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/skopeo@1.1.1-2.rhaos4.6.el8?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le", "product": { "name": "skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le", "product_id": "skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/skopeo-tests@1.1.1-2.rhaos4.6.el8?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le", "product": { "name": "skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le", "product_id": "skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/skopeo-debugsource@1.1.1-2.rhaos4.6.el8?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "product": { "name": "skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "product_id": "skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/skopeo-debuginfo@1.1.1-2.rhaos4.6.el8?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "product": { "name": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "product_id": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc@1.0.0-81.rhaos4.6.git5b757d4.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "product": { "name": "runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "product_id": "runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debugsource@1.0.0-81.rhaos4.6.git5b757d4.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "product": { "name": "runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "product_id": "runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-81.rhaos4.6.git5b757d4.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "product": { "name": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "product_id": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.6.0-202010081244.p0.git.3794.4743d24.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "product": { "name": "podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "product_id": "podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/podman@1.9.3-3.rhaos4.6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "product": { "name": "podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "product_id": "podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/podman-remote@1.9.3-3.rhaos4.6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64", "product": { "name": "podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64", "product_id": "podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/podman-tests@1.9.3-3.rhaos4.6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "product": { "name": "podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "product_id": "podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/podman-debugsource@1.9.3-3.rhaos4.6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "product": { "name": "podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "product_id": "podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/podman-debuginfo@1.9.3-3.rhaos4.6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "product": { "name": "podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "product_id": "podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/podman-remote-debuginfo@1.9.3-3.rhaos4.6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64", "product": { "name": "containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64", "product_id": "containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/containers-common@1.1.1-2.rhaos4.6.el8?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64", "product": { "name": "skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64", "product_id": "skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/skopeo@1.1.1-2.rhaos4.6.el8?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64", "product": { "name": "skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64", "product_id": "skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/skopeo-tests@1.1.1-2.rhaos4.6.el8?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64", "product": { "name": "skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64", "product_id": "skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/skopeo-debugsource@1.1.1-2.rhaos4.6.el8?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64", "product": { "name": "skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64", "product_id": "skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/skopeo-debuginfo@1.1.1-2.rhaos4.6.el8?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "product": { "name": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "product_id": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc@1.0.0-81.rhaos4.6.git5b757d4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "product": { "name": "runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "product_id": "runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debugsource@1.0.0-81.rhaos4.6.git5b757d4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "product": { "name": "runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "product_id": "runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-81.rhaos4.6.git5b757d4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "product": { "name": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "product_id": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.6.0-202010081244.p0.git.3794.4743d24.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "product": { "name": "openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "product_id": "openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.6.0-202010081244.p0.git.3794.4743d24.el8?arch=x86_64" } } }, { "category": "product_version", "name": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "product": { "name": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "product_id": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc@1.0.0-81.rhaos4.6.git5b757d4.el7?arch=x86_64" } } }, { "category": "product_version", "name": "runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "product": { "name": "runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "product_id": "runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-81.rhaos4.6.git5b757d4.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "product": { "name": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "product_id": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.6.0-202010081244.p0.git.3794.4743d24.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "product": { "name": "openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "product_id": "openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.6.0-202010081244.p0.git.3794.4743d24.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "podman-0:1.9.3-3.rhaos4.6.el8.src", "product": { "name": "podman-0:1.9.3-3.rhaos4.6.el8.src", "product_id": "podman-0:1.9.3-3.rhaos4.6.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/podman@1.9.3-3.rhaos4.6.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.6.1601368321-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.6.1601368321-1.el8.src", "product_id": "jenkins-2-plugins-0:4.6.1601368321-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.6.1601368321-1.el8?arch=src" } } }, { "category": "product_version", "name": "skopeo-1:1.1.1-2.rhaos4.6.el8.src", "product": { "name": "skopeo-1:1.1.1-2.rhaos4.6.el8.src", "product_id": "skopeo-1:1.1.1-2.rhaos4.6.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/skopeo@1.1.1-2.rhaos4.6.el8?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src", "product": { "name": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src", "product_id": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc@1.0.0-81.rhaos4.6.git5b757d4.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "product": { "name": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "product_id": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.6.0-202010081244.p0.git.3794.4743d24.el8?arch=src" } } }, { "category": "product_version", "name": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src", "product": { "name": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src", "product_id": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/runc@1.0.0-81.rhaos4.6.git5b757d4.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "product": { "name": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "product_id": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.6.0-202010081244.p0.git.3794.4743d24.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "product": { "name": "podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "product_id": "podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/podman-docker@1.9.3-3.rhaos4.6.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.6.1601368321-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src" }, "product_reference": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64" }, "product_reference": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64" }, "product_reference": "openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src" }, "product_reference": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64" }, "product_reference": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64" }, "product_reference": "runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le" }, "product_reference": "containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "containers-common-1:1.1.1-2.rhaos4.6.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.s390x" }, "product_reference": "containers-common-1:1.1.1-2.rhaos4.6.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64" }, "product_reference": "containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.6.1601368321-1.el8.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.6.1601368321-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le" }, "product_reference": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x" }, "product_reference": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src" }, "product_reference": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64" }, "product_reference": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64" }, "product_reference": "openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "podman-0:1.9.3-3.rhaos4.6.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.ppc64le" }, "product_reference": "podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "podman-0:1.9.3-3.rhaos4.6.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.s390x" }, "product_reference": "podman-0:1.9.3-3.rhaos4.6.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "podman-0:1.9.3-3.rhaos4.6.el8.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.src" }, "product_reference": "podman-0:1.9.3-3.rhaos4.6.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "podman-0:1.9.3-3.rhaos4.6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.x86_64" }, "product_reference": "podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le" }, "product_reference": "podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x" }, "product_reference": "podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64" }, "product_reference": "podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le" }, "product_reference": "podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x" }, "product_reference": "podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64" }, "product_reference": "podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch" }, "product_reference": "podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le" }, "product_reference": "podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x" }, "product_reference": "podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64" }, "product_reference": "podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le" }, "product_reference": "podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x" }, "product_reference": "podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64" }, "product_reference": "podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le" }, "product_reference": "podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x" }, "product_reference": "podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64" }, "product_reference": "podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le" }, "product_reference": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x" }, "product_reference": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src" }, "product_reference": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64" }, "product_reference": "runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le" }, "product_reference": "runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x" }, "product_reference": "runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64" }, "product_reference": "runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le" }, "product_reference": "runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x" }, "product_reference": "runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64" }, "product_reference": "runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le" }, "product_reference": "skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "skopeo-1:1.1.1-2.rhaos4.6.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.s390x" }, "product_reference": "skopeo-1:1.1.1-2.rhaos4.6.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "skopeo-1:1.1.1-2.rhaos4.6.el8.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.src" }, "product_reference": "skopeo-1:1.1.1-2.rhaos4.6.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64" }, "product_reference": "skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le" }, "product_reference": "skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x" }, "product_reference": "skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64" }, "product_reference": "skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le" }, "product_reference": "skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x" }, "product_reference": "skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64" }, "product_reference": "skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le" }, "product_reference": "skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x" }, "product_reference": "skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64" }, "product_reference": "skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-16541", "cwe": { "id": "CWE-522", "name": "Insufficiently Protected Credentials" }, "discovery_date": "2019-11-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.src", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.src", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1819663" } ], "notes": [ { "category": "description", "text": "Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-jira-plugin: plugin information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.src", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.src", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16541" }, { "category": "external", "summary": "RHBZ#1819663", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819663" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16541", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16541" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16541", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16541" }, { "category": "external", "summary": "https://jenkins.io/security/advisory/2019-11-21/#SECURITY-1106", "url": "https://jenkins.io/security/advisory/2019-11-21/#SECURITY-1106" } ], "release_date": "2019-11-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-10-27T14:53:57+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.", "product_ids": [ "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4297" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-jira-plugin: plugin information disclosure" }, { "cve": "CVE-2020-2252", "cwe": { "id": "CWE-297", "name": "Improper Validation of Certificate with Host Mismatch" }, "discovery_date": "2020-09-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.src", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.src", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1880454" } ], "notes": [ { "category": "description", "text": "Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/mailer: Missing hostname validation in Mailer Plugin could result in MITM", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.src", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.src", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-2252" }, { "category": "external", "summary": "RHBZ#1880454", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880454" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2252", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2252" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2252", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2252" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1813", "url": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1813" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2020/09/16/3", "url": "https://www.openwall.com/lists/oss-security/2020/09/16/3" } ], "release_date": "2020-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-10-27T14:53:57+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.", "product_ids": [ "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4297" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/mailer: Missing hostname validation in Mailer Plugin could result in MITM" }, { "cve": "CVE-2020-2254", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2020-09-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.src", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.src", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1880456" } ], "notes": [ { "category": "description", "text": "Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/blueocean: Path traversal vulnerability in Blue Ocean Plugin could allow to read arbitrary files", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.src", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.src", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-2254" }, { "category": "external", "summary": "RHBZ#1880456", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880456" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2254", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2254" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2254", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2254" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2020/09/16/3", "url": "http://www.openwall.com/lists/oss-security/2020/09/16/3" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1956", "url": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1956" } ], "release_date": "2020-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-10-27T14:53:57+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.", "product_ids": [ "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4297" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/blueocean: Path traversal vulnerability in Blue Ocean Plugin could allow to read arbitrary files" }, { "cve": "CVE-2020-2255", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "discovery_date": "2020-09-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.src", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.src", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1880460" } ], "notes": [ { "category": "description", "text": "A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/blueocean: Blue Ocean Plugin does not perform permission checks in several HTTP endpoints implementing connection tests.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.src", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.src", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-2255" }, { "category": "external", "summary": "RHBZ#1880460", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880460" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2255", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2255" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2255", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2255" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1961", "url": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1961" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2020/09/16/3", "url": "https://www.openwall.com/lists/oss-security/2020/09/16/3" } ], "release_date": "2020-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-10-27T14:53:57+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.", "product_ids": [ "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4297" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/blueocean: Blue Ocean Plugin does not perform permission checks in several HTTP endpoints implementing connection tests." }, { "acknowledgments": [ { "names": [ "the Kubernetes Product Security Committee" ] }, { "names": [ "Nikolaos Moraitis" ], "organization": "Red Hat", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2020-8564", "cwe": { "id": "CWE-117", "name": "Improper Output Neutralization for Logs" }, "discovery_date": "2020-10-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.src", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.src", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.src", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1886637" } ], "notes": [ { "category": "description", "text": "A flaw was found in kubernetes. In Kubernetes, if the logging level is to at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This can occur with client tools like `kubectl`, or other components that use registry credentials in a docker config file.", "title": "Vulnerability description" }, { "category": "summary", "text": "kubernetes: Docker config secrets leaked when file is malformed and loglevel \u003e= 4", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.src", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.src", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.src", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8564" }, { "category": "external", "summary": "RHBZ#1886637", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886637" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8564", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8564" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8564", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8564" }, { "category": "external", "summary": "https://github.com/kubernetes/kubernetes/issues/95622", "url": "https://github.com/kubernetes/kubernetes/issues/95622" }, { "category": "external", "summary": "https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk", "url": "https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk" } ], "release_date": "2020-10-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-10-27T14:53:57+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4297" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kubernetes: Docker config secrets leaked when file is malformed and loglevel \u003e= 4" }, { "cve": "CVE-2020-14040", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2020-06-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853652" } ], "notes": [ { "category": "description", "text": "A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific characters or strings to the vulnerable application, there is the potential to cause an infinite loop to occur using more memory, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash", "title": "Vulnerability summary" }, { "category": "other", "text": "* OpenShift ServiceMesh (OSSM) 1.0 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities. Jaeger was packaged with ServiceMesh in 1.0, and hence is also marked OOSS, but the Jaeger-Operator is a standalone product and is affected by this vulnerability.\n\n* Because Service Telemetry Framework does not directly use unicode.UTF16, no update will be provided at this time for STF\u0027s sg-core-container.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.src", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.src", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14040" }, { "category": "external", "summary": "RHBZ#1853652", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14040", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14040" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040" }, { "category": "external", "summary": "https://github.com/golang/go/issues/39491", "url": "https://github.com/golang/go/issues/39491" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0", "url": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0" } ], "release_date": "2020-06-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-10-27T14:53:57+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.", "product_ids": [ "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.src", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.src", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4297" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.src", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.src", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash" }, { "cve": "CVE-2020-14370", "cwe": { "id": "CWE-212", "name": "Improper Removal of Sensitive Information Before Storage or Transfer" }, "discovery_date": "2020-07-30T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.src", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1874268" } ], "notes": [ { "category": "description", "text": "An information disclosure flaw was found in containers/podman. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container leak into subsequent containers. This flaw allows an attacker who controls the subsequent containers to gain access to sensitive information stored in such variables. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "podman: environment variables leak between containers when started via Varlink or Docker-compatible REST API", "title": "Vulnerability summary" }, { "category": "other", "text": "Whilst OpenShift Container Platform (OCP) does include podman, the Varlink API is not enabled by default. However, as it is trivial to activate this feature, OCP has been marked as affected.\n\nOCP 3.11 has previously packaged podman, but instead now relies on the version from rhel-extra.The older version previously packaged is not vulnerable to this CVE and hence has been marked not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.src", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.src", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14370" }, { "category": "external", "summary": "RHBZ#1874268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1874268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14370", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14370" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14370", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14370" } ], "release_date": "2020-09-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-10-27T14:53:57+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.", "product_ids": [ "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.src", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4297" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.src", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "podman: environment variables leak between containers when started via Varlink or Docker-compatible REST API" }, { "cve": "CVE-2020-15586", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "discovery_date": "2020-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.src", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1856953" } ], "notes": [ { "category": "description", "text": "A flaw was found Go\u0027s net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: data race in certain net/http servers including ReverseProxy can lead to DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) components are primarily written in Go, meaning that any component using the net/http package includes the vulnerable code. OCP server endpoints using ReverseProxy are protected by authentication, reducing the severity of this vulnerability to Low for OCP.\n\nSimilar to OCP, OpenShift ServiceMesh (OSSM), RedHat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization are also primarily written in Go and are protected via authentication, reducing the severity of this vulnerability to Low.\n\nRed Hat Gluster Storage 3 and Red Hat Openshift Container Storage 4 components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.\n\nRed Hat Ceph Storage 3 and 4 components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.src", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.src", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-15586" }, { "category": "external", "summary": "RHBZ#1856953", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856953" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15586", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15586" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15586", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15586" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ", "url": "https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ" } ], "release_date": "2020-07-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-10-27T14:53:57+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.src", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4297" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.src", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: data race in certain net/http servers including ReverseProxy can lead to DoS" }, { "cve": "CVE-2020-16845", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2020-08-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.src", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.src", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1867099" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Go encoding/binary package. Certain invalid inputs to the ReadUvarint or the ReadVarint causes those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This flaw possibly leads to processing more input than expected. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM), RedHat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization components are primarily written in Go, meaning that any component using the encoding/binary package includes the vulnerable code. The affected components are behind OpenShift OAuth authentication, therefore the impact is low.\n\nRed Hat Gluster Storage 3, Red Hat OpenShift Container Storage 4 and Red Hat Ceph Storage (3 and 4) components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.src", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64" ], "known_not_affected": [ "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:containers-common-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1601368321-1.el8.src", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.src", "8Base-RHOSE-4.6:skopeo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:skopeo-tests-1:1.1.1-2.rhaos4.6.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-16845" }, { "category": "external", "summary": "RHBZ#1867099", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1867099" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-16845", "url": "https://www.cve.org/CVERecord?id=CVE-2020-16845" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16845", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16845" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/NyPIaucMgXo", "url": "https://groups.google.com/g/golang-announce/c/NyPIaucMgXo" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-10-27T14:53:57+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.src", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4297" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.src", "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.src", "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.src", "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.src", "8Base-RHOSE-4.6:podman-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-debugsource-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-docker-0:1.9.3-3.rhaos4.6.el8.noarch", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.ppc64le", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.s390x", "8Base-RHOSE-4.6:podman-tests-0:1.9.3-3.rhaos4.6.el8.x86_64", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.src", "8Base-RHOSE-4.6:runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.s390x", "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs" } ] }
ghsa-vc7g-4269-f7hw
Vulnerability from github
Published
2022-05-24 17:28
Modified
2022-12-29 01:31
Severity ?
Summary
Missing permission check in Blue Ocean Plugin
Details
Updated 2020-09-16
This entry previously misidentified the problematic behavior. The HTTP request itself is legitimate, but only authorized users should be able to perform it.
Original Description
Blue Ocean Plugin 1.23.2 and earlier does not perform permission checks in several HTTP endpoints implementing connection tests.
This allows attackers with Overall/Read permission to connect to an attacker-specified URL.
Blue Ocean Plugin 1.23.3 requires Item/Create permission to perform these connection tests.
{ "affected": [ { "database_specific": { "last_known_affected_version_range": "\u003c= 1.23.2" }, "package": { "ecosystem": "Maven", "name": "io.jenkins.blueocean:blueocean" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1.23.3" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2020-2255" ], "database_specific": { "cwe_ids": [ "CWE-862" ], "github_reviewed": true, "github_reviewed_at": "2022-12-29T01:31:52Z", "nvd_published_at": "2020-09-16T14:15:00Z", "severity": "MODERATE" }, "details": "### Updated 2020-09-16\nThis entry previously misidentified the problematic behavior. The HTTP request itself is legitimate, but only authorized users should be able to perform it.\n\n### Original Description\nBlue Ocean Plugin 1.23.2 and earlier does not perform permission checks in several HTTP endpoints implementing connection tests.\n\nThis allows attackers with Overall/Read permission to connect to an attacker-specified URL.\n\nBlue Ocean Plugin 1.23.3 requires Item/Create permission to perform these connection tests.", "id": "GHSA-vc7g-4269-f7hw", "modified": "2022-12-29T01:31:52Z", "published": "2022-05-24T17:28:25Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2255" }, { "type": "WEB", "url": "https://github.com/jenkinsci/blueocean-plugin/commit/659a66aff0d0ad693eab9d2807985d591e102aab" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1961" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2020/09/16/3" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "type": "CVSS_V3" } ], "summary": "Missing permission check in Blue Ocean Plugin" }
gsd-2020-2255
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2020-2255", "description": "A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.", "id": "GSD-2020-2255", "references": [ "https://access.redhat.com/errata/RHSA-2020:5102", "https://access.redhat.com/errata/RHSA-2020:4297" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2020-2255" ], "details": "A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.", "id": "GSD-2020-2255", "modified": "2023-12-13T01:21:50.649122Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "jenkinsci-cert@googlegroups.com", "ID": "CVE-2020-2255", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Jenkins Blue Ocean Plugin", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "versions": [ { "lessThanOrEqual": "1.23.2", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "status": "unaffected", "version": "1.19.2" } ] } } ] } } ] }, "vendor_name": "Jenkins project" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1961", "refsource": "MISC", "url": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1961" }, { "name": "http://www.openwall.com/lists/oss-security/2020/09/16/3", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2020/09/16/3" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "(,1.23.2]", "affected_versions": "All versions up to 1.23.2", "cvss_v2": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cwe_ids": [ "CWE-1035", "CWE-862", "CWE-937" ], "date": "2020-09-18", "description": "A missing permission check in Jenkins Blue Ocean Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL.", "fixed_versions": [], "identifier": "CVE-2020-2255", "identifiers": [ "CVE-2020-2255" ], "not_impacted": "", "package_slug": "maven/io.jenkins.blueocean/blueocean", "pubdate": "2020-09-16", "solution": "Unfortunately, there is no solution available yet.", "title": "Missing Authorization", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2020-2255", "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1961" ], "uuid": "0297d9fb-36ae-4080-8081-3a48293db858" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*", "cpe_name": [], "versionEndIncluding": "1.23.2", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "jenkinsci-cert@googlegroups.com", "ID": "CVE-2020-2255" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-862" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1961", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1961" }, { "name": "[oss-security] 20200916 Multiple vulnerabilities in Jenkins plugins", "refsource": "MLIST", "tags": [ "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/09/16/3" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4 } }, "lastModifiedDate": "2023-10-25T18:16Z", "publishedDate": "2020-09-16T14:15Z" } } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.