cve-2021-21696
Vulnerability from cvelistv5
| Source | URL | Tags |
|---|---|---|
| jenkinsci-cert@googlegroups.com | http://www.openwall.com/lists/oss-security/2021/11/04/3 | Mailing List, Third Party Advisory |
| jenkinsci-cert@googlegroups.com | https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423 | Mitigation, Vendor Advisory |
| Vendor | Product |
|---|---|
| Jenkins project | Jenkins |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:23:29.397Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423" }, { "name": "[oss-security] 20211104 Multiple vulnerabilities in Jenkins and Jenkins plugins", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Jenkins", "vendor": "Jenkins project", "versions": [ { "lessThanOrEqual": "2.318", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "LTS 2.303.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process." 
} ], "providerMetadata": { "dateUpdated": "2023-10-24T15:52:08.991Z", "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423" }, { "name": "[oss-security] 20211104 Multiple vulnerabilities in Jenkins and Jenkins plugins", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "jenkinsci-cert@googlegroups.com", "ID": "CVE-2021-21696", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Jenkins", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "2.318" }, { "version_affected": "\u003c=", "version_value": "LTS 2.303.2" } ] } } ] }, "vendor_name": "Jenkins project" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-693: Protection Mechanism Failure" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423", "refsource": "CONFIRM", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423" }, { "name": "[oss-security] 20211104 Multiple vulnerabilities in Jenkins and Jenkins plugins", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3" } ] } } } }, "cveMetadata": { "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "assignerShortName": "jenkins", "cveId": "CVE-2021-21696", "datePublished": "2021-11-04T16:30:41", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-08-03T18:23:29.397Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-21696\",\"sourceIdentifier\":\"jenkinsci-cert@googlegroups.com\",\"published\":\"2021-11-04T17:15:08.873\",\"lastModified\":\"2023-11-22T21:22:27.883\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process.\"},{\"lang\":\"es\",\"value\":\"Jenkins versiones 2.318 y anteriores, LTS versiones 2.303.2 y anteriores, no limitan el acceso de lectura/escritura del agente al directorio libs/ dentro de los directorios de construcci\u00f3n cuando son utilizadas las APIs FilePath, permitiendo a atacantes que controlan los procesos del agente reemplazar el c\u00f3digo de una biblioteca confiable con una variante modificada. 
Esto resulta en una ejecuci\u00f3n de c\u00f3digo sin sandbox en el proceso del controlador de Jenkins\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*\",\"versionEndIncluding\":\"2.303.2\",\"matchCriteriaId\":\"988C6F39-A7CD-4CF3-8E38-A0179F078528\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*\",\"versionEndIncluding\":\"2.318\",\"matchCriteriaId\":\"F7399F73-979B-4229-A283-53BFB4C6A768\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2021/11/04/3\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}" } }
rhsa-2021_4799
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.6.51 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.51. 
See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2021:4800\n\nSecurity Fix(es):\n\n* jenkins-2-plugins/subversion: does not restrict the name of a file when\nlooking up a subversion key (CVE-2021-21698)\n* jenkins: FilePath#mkdirs does not check permission to create parent\ndirectories (CVE-2021-21685)\n* jenkins: File path filters do not canonicalize paths, allowing operations\nto follow symbolic links to outside allowed directories (CVE-2021-21686)\n* jenkins: FilePath#untar does not check permission to create symbolic\nlinks when unarchiving a symbolic link (CVE-2021-21687)\n* jenkins: FilePath#reading(FileVisitor) does not reject any operations\nallowing users to have unrestricted read access (CVE-2021-21688)\n* jenkins: FilePath#unzip and FilePath#untar were not subject to any access\ncontrol (CVE-2021-21689)\n* jenkins: Agent processes are able to completely bypass file path\nfiltering by wrapping the file operation in an agent file path\n(CVE-2021-21690)\n* jenkins: Creating symbolic links is possible without the symlink\npermission (CVE-2021-21691)\n* jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo\nonly check read permission on the source path (CVE-2021-21692)\n* jenkins: When creating temporary files, permission to create files is\nonly checked after they\u2019ve been created. (CVE-2021-21693)\n* jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize,\nFilePath#isDescendant, and FilePath#get*DiskSpace do not check any\npermissions (CVE-2021-21694)\n* jenkins: FilePath#listFiles lists files outside directories with agent\nread access when following symbolic links. 
(CVE-2021-21695)\n* jenkins: Agent-to-controller access control allowed writing to sensitive\ndirectory used by Pipeline: Shared Groovy Libraries Plugin (CVE-2021-21696)\n* jenkins: Agent-to-controller access control allows reading/writing most\ncontent of build directories (CVE-2021-21697)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:4799", "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2020322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020322" }, { "category": "external", "summary": "2020323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020323" }, { "category": "external", "summary": "2020324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020324" }, { "category": "external", "summary": "2020327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020327" }, { "category": "external", "summary": "2020335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020335" }, { "category": "external", "summary": "2020336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020336" }, { "category": "external", "summary": "2020338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020338" }, { "category": "external", "summary": "2020339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020339" }, { "category": "external", "summary": "2020341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020341" }, { "category": "external", "summary": "2020342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020342" }, { "category": "external", "summary": "2020343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020343" }, { "category": "external", 
"summary": "2020344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020344" }, { "category": "external", "summary": "2020345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020345" }, { "category": "external", "summary": "2020385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020385" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4799.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.6.51 packages and security update", "tracking": { "current_release_date": "2024-11-06T00:12:06+00:00", "generator": { "date": "2024-11-06T00:12:06+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:4799", "initial_release_date": "2021-12-02T18:37:55+00:00", "revision_history": [ { "date": "2021-12-02T18:37:55+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-12-02T18:37:55+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T00:12:06+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.6", "product": { "name": "Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.6::el7" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.6", "product": { "name": "Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.6::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "product": { "name": 
"openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "product_id": "openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.6.0-202111100230.p0.git.6063298.assembly.stream.el7?arch=src" } } }, { "category": "product_version", "name": "jenkins-0:2.303.3.1637597493-1.el8.src", "product": { "name": "jenkins-0:2.303.3.1637597493-1.el8.src", "product_id": "jenkins-0:2.303.3.1637597493-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.303.3.1637597493-1.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "product": { "name": "openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "product_id": "openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.6.0-202111100230.p0.git.6063298.assembly.stream.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "product": { "name": "openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "product_id": "openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr@4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "product_id": "jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.6.1637602169-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": 
"openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "product": { "name": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "product_id": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.6.0-202111100230.p0.git.6063298.assembly.stream.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "product": { "name": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "product_id": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.6.0-202111100230.p0.git.6063298.assembly.stream.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.303.3.1637597493-1.el8.noarch", "product": { "name": "jenkins-0:2.303.3.1637597493-1.el8.noarch", "product_id": "jenkins-0:2.303.3.1637597493-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.303.3.1637597493-1.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "product": { "name": "openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "product_id": "openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-cni@4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "product": { "name": 
"openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "product_id": "openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-common@4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "product": { "name": "openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "product_id": "openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-controller@4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "product": { "name": "python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "product_id": "python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-kuryr-kubernetes@4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.6.1637602169-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "product": { "name": 
"openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "product_id": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.6.0-202111100230.p0.git.6063298.assembly.stream.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "product": { "name": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "product_id": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.6.0-202111100230.p0.git.6063298.assembly.stream.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src" }, "product_reference": "openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64" }, "product_reference": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.6" }, { "category": 
"default_component_of", "full_product_name": { "name": "jenkins-0:2.303.3.1637597493-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch" }, "product_reference": "jenkins-0:2.303.3.1637597493-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.303.3.1637597493-1.el8.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" }, "product_reference": "jenkins-0:2.303.3.1637597493-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.6.1637602169-1.el8.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src" }, "product_reference": "openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { 
"name": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le" }, "product_reference": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x" }, "product_reference": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64" }, "product_reference": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src" }, "product_reference": "openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": 
"openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" }, "product_reference": "openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" }, "product_reference": "openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" }, "product_reference": "openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" }, "product_reference": "python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-21685", 
"cwe": { "id": "CWE-281", "name": "Improper Preservation of Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020322" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
The FilePath#mkdirs does not check permission to create parent directories, which may allow an attacker who controls the agent process to get read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#mkdirs does not check permission to create parent directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21685" }, { "category": "external", "summary": "RHBZ#2020322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020322" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21685", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21685" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21685", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21685" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": 
"impact", "details": "Important" } ], "title": "jenkins: FilePath#mkdirs does not check permission to create parent directories" }, { "cve": "CVE-2021-21686", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020323" } ], "notes": [ { "category": "description", "text": "A link following vulnerability was found in Jenkins. The file path filters do not canonicalize paths allowing operations to follow symbolic links to directories they are not supposed to have access to. 
This may allow an attacker to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21686" }, { "category": "external", "summary": "RHBZ#2020323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020323" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21686", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21686" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21686", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21686" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": 
"impact", "details": "Important" } ], "title": "jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories" }, { "cve": "CVE-2021-21687", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020324" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
The FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link, which may allow an attacker to get read and write access to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21687" }, { "category": "external", "summary": "RHBZ#2020324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21687", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21687" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": 
"impact", "details": "Important" } ], "title": "jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link" }, { "cve": "CVE-2021-21688", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020327" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in Jenkins. 
The FilePath#reading(FileVisitor) does not reject any operations giving users unrestricted read access with certain operations (creating archives, #copyRecursiveTo). This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21688" }, { "category": "external", "summary": "RHBZ#2020327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21688", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21688" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21688", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21688" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": "impact", 
"details": "Important" } ], "title": "jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access" }, { "cve": "CVE-2021-21689", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020335" } ], "notes": [ { "category": "description", "text": "An incorrect access control vulnerability was found in Jenkins. The FilePath#unzip and FilePath#untar were not subjected to any access control. 
An attacker with access to FilePath#unzip or FilePath#untar operations is able to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#unzip and FilePath#untar were not subject to any access control", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21689" }, { "category": "external", "summary": "RHBZ#2020335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020335" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21689", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21689" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21689", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21689" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": 
"impact", "details": "Important" } ], "title": "jenkins: FilePath#unzip and FilePath#untar were not subject to any access control" }, { "cve": "CVE-2021-21690", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020336" } ], "notes": [ { "category": "description", "text": "A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. 
This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21690" }, { "category": "external", "summary": "RHBZ#2020336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020336" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21690", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21690" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21690", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21690" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": 
"impact", "details": "Important" } ], "title": "jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path" }, { "cve": "CVE-2021-21691", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020338" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jenkins which failed to correctly validate permissions. This flaw allowed any user to create symbolic links regardless if they had the symlink permission. 
It may allow an attacker to read and write to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Creating symbolic links is possible without the symlink permission", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, 
"references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21691" }, { "category": "external", "summary": "RHBZ#2020338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020338" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21691", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21691" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21691", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21691" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": 
"impact", "details": "Important" } ], "title": "jenkins: Creating symbolic links is possible without the symlink permission" }, { "cve": "CVE-2021-21692", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020339" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path which may allow an attacker who has access to these operations to be able to read and write to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21692" }, { "category": "external", "summary": "RHBZ#2020339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020339" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21692", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21692" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21692" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": 
"impact", "details": "Important" } ], "title": "jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path" }, { "cve": "CVE-2021-21693", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020341" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The permissions to create temporary files are only checked after they have been created. 
This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, 
"references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21693" }, { "category": "external", "summary": "RHBZ#2020341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21693", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21693" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": 
"impact", "details": "Important" } ], "title": "jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created." }, { "cve": "CVE-2021-21694", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020342" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
The FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions, which may allow an attacker who has access to any of these operations to be able to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21694" }, { "category": "external", "summary": "RHBZ#2020342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020342" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21694", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21694" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21694", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21694" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation 
exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", 
"8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions" }, { "cve": "CVE-2021-21695", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020343" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in 
Jenkins. The FilePath#listFiles lists files outside directories with agent read access when following symbolic links. This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21695" }, { "category": "external", "summary": "RHBZ#2020343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21695", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21695" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": 
"impact", "details": "Important" } ], "title": "jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links." }, { "cve": "CVE-2021-21696", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020344" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with a modified variant, resulting in unsandboxed code execution in the Jenkins controller process.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21696" }, { "category": "external", "summary": "RHBZ#2020344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020344" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21696", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21696" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21696", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21696" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation 
exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", 
"8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin" }, { "cve": "CVE-2021-21697", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020345" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in Jenkins. 
The directories agents are allowed to access include the directories where there are stored build-related information intended to allow agents to store build-related metadata during build execution. As a consequence, this allows an attacker who controls agent process to read and write the contents of any build directory stored in Jenkins with very few restrictions (build.xml and some Pipeline-related metadata).", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent-to-controller access control allows reading/writing most content of build directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", 
"8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21697" }, { "category": "external", "summary": "RHBZ#2020345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020345" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21697", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21697" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21697", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21697" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent-to-controller access control allows reading/writing most content of build directories" }, { "cve": "CVE-2021-21698", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020385" } ], "notes": [ { "category": 
"description", "text": "An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent\u0027s ability to learn the name of a file is not restricted when looking up a subversion key file on the controller. This may allow attackers to control agent processes and read arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21698" }, { "category": "external", "summary": "RHBZ#2020385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020385" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21698", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21698" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21698", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21698" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", 
"availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key" } ] }
rhsa-2021_4829
Vulnerability from csaf_redhat
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.8.22 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.22. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2021:4830\n\nAll OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. 
Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nSecurity Fix(es):\n\n* jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key (CVE-2021-21698)\n* jenkins: FilePath#mkdirs does not check permission to create parent directories (CVE-2021-21685)\n* jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories (CVE-2021-21686)\n* jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link (CVE-2021-21687)\n* jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access (CVE-2021-21688)\n* coreos-installer: restrict access permissions on /boot/ignition{,/config.ign} (CVE-2021-3917)\n* jenkins: FilePath#unzip and FilePath#untar were not subject to any access control (CVE-2021-21689)\n* jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path (CVE-2021-21690)\n* jenkins: Creating symbolic links is possible without the symlink permission (CVE-2021-21691)\n* jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path (CVE-2021-21692)\n* jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created. (CVE-2021-21693)\n* jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions (CVE-2021-21694)\n* jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links. 
(CVE-2021-21695)\n* jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin (CVE-2021-21696)\n* jenkins: Agent-to-controller access control allows reading/writing most content of build directories (CVE-2021-21697)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:4829", "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2018478", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018478" }, { "category": "external", "summary": "2020322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020322" }, { "category": "external", "summary": "2020323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020323" }, { "category": "external", "summary": "2020324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020324" }, { "category": 
"external", "summary": "2020327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020327" }, { "category": "external", "summary": "2020335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020335" }, { "category": "external", "summary": "2020336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020336" }, { "category": "external", "summary": "2020338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020338" }, { "category": "external", "summary": "2020339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020339" }, { "category": "external", "summary": "2020341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020341" }, { "category": "external", "summary": "2020342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020342" }, { "category": "external", "summary": "2020343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020343" }, { "category": "external", "summary": "2020344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020344" }, { "category": "external", "summary": "2020345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020345" }, { "category": "external", "summary": "2020385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020385" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4829.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.8.22 security update", "tracking": { "current_release_date": "2024-11-06T00:12:09+00:00", "generator": { "date": "2024-11-06T00:12:09+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:4829", "initial_release_date": "2021-11-30T09:11:27+00:00", "revision_history": [ { "date": "2021-11-30T09:11:27+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-11-30T09:11:27+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T00:12:09+00:00", "number": "3", "summary": "Last generated 
version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.8", "product": { "name": "Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.8::el8" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.8", "product": { "name": "Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.8::el7" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "product": { "name": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "product_id": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer@0.9.0-8.rhaos4.8.el8?arch=src" } } }, { "category": "product_version", "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "product": { "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "product_id": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.21.4-3.rhaos4.8.git84fa55d.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-0:2.303.3.1637596565-1.el8.src", "product": { "name": "jenkins-0:2.303.3.1637596565-1.el8.src", "product_id": "jenkins-0:2.303.3.1637596565-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.303.3.1637596565-1.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "product_id": "jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/jenkins-2-plugins@4.8.1637599935-1.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "product": { "name": "openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "product_id": "openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.8.0-202111221934.p0.g81bc627.assembly.stream.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "product": { "name": "openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "product_id": "openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr@4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8?arch=src" } } }, { "category": "product_version", "name": "python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "product": { "name": "python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "product_id": "python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/python-sushy@3.7.4-0.20211119091058.2cc60dc.el8?arch=src" } } }, { "category": "product_version", "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "product": { "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "product_id": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.21.4-3.rhaos4.8.git84fa55d.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "product": { "name": "openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "product_id": "openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/openshift@4.8.0-202111221934.p0.g81bc627.assembly.stream.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "product": { "name": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "product_id": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer@0.9.0-8.rhaos4.8.el8?arch=x86_64" } } }, { "category": "product_version", "name": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "product": { "name": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "product_id": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer-debugsource@0.9.0-8.rhaos4.8.el8?arch=x86_64" } } }, { "category": "product_version", "name": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "product": { "name": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "product_id": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer-bootinfra-debuginfo@0.9.0-8.rhaos4.8.el8?arch=x86_64" } } }, { "category": "product_version", "name": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "product": { "name": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "product_id": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer-debuginfo@0.9.0-8.rhaos4.8.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "product": { "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "product_id": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/cri-o@1.21.4-3.rhaos4.8.git84fa55d.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "product": { "name": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "product_id": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.21.4-3.rhaos4.8.git84fa55d.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "product": { "name": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "product_id": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.21.4-3.rhaos4.8.git84fa55d.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "product": { "name": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "product_id": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.8.0-202111221934.p0.g81bc627.assembly.stream.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "product": { "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "product_id": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.21.4-3.rhaos4.8.git84fa55d.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "product": { "name": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "product_id": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/cri-o-debuginfo@1.21.4-3.rhaos4.8.git84fa55d.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "product": { "name": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "product_id": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.8.0-202111221934.p0.g81bc627.assembly.stream.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product": { "name": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product_id": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer@0.9.0-8.rhaos4.8.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product": { "name": "coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product_id": "coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer-bootinfra@0.9.0-8.rhaos4.8.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product": { "name": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product_id": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer-debugsource@0.9.0-8.rhaos4.8.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product": { "name": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product_id": 
"coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer-bootinfra-debuginfo@0.9.0-8.rhaos4.8.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product": { "name": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product_id": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer-debuginfo@0.9.0-8.rhaos4.8.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "product": { "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "product_id": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.21.4-3.rhaos4.8.git84fa55d.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "product": { "name": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "product_id": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.21.4-3.rhaos4.8.git84fa55d.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "product": { "name": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "product_id": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.21.4-3.rhaos4.8.git84fa55d.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "product": { "name": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "product_id": 
"openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.8.0-202111221934.p0.g81bc627.assembly.stream.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "product": { "name": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "product_id": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer@0.9.0-8.rhaos4.8.el8?arch=s390x" } } }, { "category": "product_version", "name": "coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "product": { "name": "coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "product_id": "coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer-bootinfra@0.9.0-8.rhaos4.8.el8?arch=s390x" } } }, { "category": "product_version", "name": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "product": { "name": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "product_id": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer-debugsource@0.9.0-8.rhaos4.8.el8?arch=s390x" } } }, { "category": "product_version", "name": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "product": { "name": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "product_id": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer-bootinfra-debuginfo@0.9.0-8.rhaos4.8.el8?arch=s390x" } } }, { "category": "product_version", "name": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "product": { "name": 
"coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "product_id": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer-debuginfo@0.9.0-8.rhaos4.8.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "product": { "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "product_id": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.21.4-3.rhaos4.8.git84fa55d.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "product": { "name": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "product_id": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.21.4-3.rhaos4.8.git84fa55d.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "product": { "name": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "product_id": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.21.4-3.rhaos4.8.git84fa55d.el8?arch=s390x" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "product": { "name": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "product_id": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.8.0-202111221934.p0.g81bc627.assembly.stream.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.303.3.1637596565-1.el8.noarch", 
"product": { "name": "jenkins-0:2.303.3.1637596565-1.el8.noarch", "product_id": "jenkins-0:2.303.3.1637596565-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.303.3.1637596565-1.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.8.1637599935-1.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "product": { "name": "openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "product_id": "openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-cni@4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "product": { "name": "openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "product_id": "openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-common@4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "product": { "name": "openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "product_id": "openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/openshift-kuryr-controller@4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "product": { "name": "python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "product_id": "python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-kuryr-kubernetes@4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "product": { "name": "python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "product_id": "python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-sushy@3.7.4-0.20211119091058.2cc60dc.el8?arch=noarch" } } }, { "category": "product_version", "name": "python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "product": { "name": "python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "product_id": "python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-sushy-tests@3.7.4-0.20211119091058.2cc60dc.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src" }, "product_reference": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": 
"cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64" }, "product_reference": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src" }, "product_reference": "openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64" }, "product_reference": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le" }, "product_reference": 
"coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x" }, "product_reference": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src" }, "product_reference": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64" }, "product_reference": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le" }, "product_reference": "coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x" }, "product_reference": 
"coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le" }, "product_reference": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x" }, "product_reference": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64" }, "product_reference": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le" }, "product_reference": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x as a 
component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x" }, "product_reference": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64" }, "product_reference": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le" }, "product_reference": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x" }, "product_reference": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64" }, "product_reference": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", 
"full_product_name": { "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le" }, "product_reference": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x" }, "product_reference": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src" }, "product_reference": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64" }, "product_reference": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le" }, "product_reference": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": 
"cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x" }, "product_reference": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le" }, "product_reference": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x" }, "product_reference": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64" }, "product_reference": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", 
"relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.303.3.1637596565-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch" }, "product_reference": "jenkins-0:2.303.3.1637596565-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.303.3.1637596565-1.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" }, "product_reference": "jenkins-0:2.303.3.1637596565-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.8.1637599935-1.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src" }, "product_reference": "openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { 
"category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le" }, "product_reference": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x" }, "product_reference": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64" }, "product_reference": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src" }, "product_reference": "openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": 
"openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch" }, "product_reference": "openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch" }, "product_reference": "openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch" }, "product_reference": "openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src" }, "product_reference": "python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch as a component of Red Hat 
OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch" }, "product_reference": "python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" }, "product_reference": "python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" }, "product_reference": "python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.8" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-3917", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-10-29T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", 
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2018478" } ], "notes": [ { "category": "description", "text": "A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. 
The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "coreos-installer: restrict access permissions on /boot/ignition{,/config.ign}", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", 
"8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", 
"8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3917" }, { "category": "external", "summary": "RHBZ#2018478", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018478" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3917", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3917" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3917", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3917" }, { "category": "external", "summary": "https://github.com/coreos/coreos-installer/commit/2a36405339c87b16ed6c76e91ad5b76638fbdb0c", "url": "https://github.com/coreos/coreos-installer/commit/2a36405339c87b16ed6c76e91ad5b76638fbdb0c" } ], "release_date": "2021-07-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2021:4829" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "coreos-installer: restrict access permissions on /boot/ignition{,/config.ign}" }, { "cve": "CVE-2021-21685", "cwe": { "id": "CWE-281", "name": "Improper Preservation of Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", 
"8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020322" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The FilePath#mkdirs does not check permission to create parent directories, which may allow an attacker who controls the agent process to get read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#mkdirs does not check permission to create parent directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", 
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", 
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21685" }, { "category": "external", "summary": "RHBZ#2020322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020322" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21685", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21685" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21685", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21685" }, { "category": "external", "summary": 
"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", 
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", 
"privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#mkdirs does not check permission to create parent directories" }, { "cve": "CVE-2021-21686", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020323" } ], "notes": [ { "category": "description", "text": "A link following vulnerability was found in Jenkins. The file path filters do not canonicalize paths allowing operations to follow symbolic links to directories they are not supposed to have access to. This may allow an attacker to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", 
"8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", 
"8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21686" }, { "category": "external", "summary": "RHBZ#2020323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020323" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21686", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21686" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21686", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21686" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For 
OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", 
"8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories" }, { "cve": "CVE-2021-21687", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", 
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", 
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020324" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
The FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link, which may allow an attacker to get read and write access to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", 
"8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21687" }, { "category": "external", "summary": "RHBZ#2020324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21687", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21687" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", 
"8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", 
"8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link" }, { "cve": "CVE-2021-21688", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", 
"8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020327" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in Jenkins. The FilePath#reading(FileVisitor) does not reject any operations giving users unrestricted read access with certain operations (creating archives, #copyRecursiveTo). 
This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21688" }, { "category": "external", "summary": "RHBZ#2020327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21688", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21688" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21688", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21688" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a 
possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", 
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", 
"confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access" }, { "cve": "CVE-2021-21689", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", 
"8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020335" } ], "notes": [ { "category": "description", "text": "An incorrect access control vulnerability was found in Jenkins. The FilePath#unzip and FilePath#untar were not subjected to any access control. An attacker with access to FilePath#unzip or FilePath#untar operations is able to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#unzip and FilePath#untar were not subject to any access control", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", 
"8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", 
"8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21689" }, { "category": "external", "summary": "RHBZ#2020335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020335" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21689", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21689" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21689", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21689" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For 
OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", 
"8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#unzip and FilePath#untar were not subject to any access control" }, { "cve": "CVE-2021-21690", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", 
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", 
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020336" } ], "notes": [ { "category": "description", "text": "A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. 
This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", 
"8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21690" }, { "category": "external", "summary": "RHBZ#2020336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020336" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21690", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21690" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21690", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21690" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", 
"8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", 
"8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path" }, { "cve": "CVE-2021-21691", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", 
"8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020338" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jenkins which failed to correctly validate permissions. This flaw allowed any user to create symbolic links regardless if they had the symlink permission. 
It may allow an attacker to read and write to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Creating symbolic links is possible without the symlink permission", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21691" }, { "category": "external", "summary": "RHBZ#2020338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020338" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21691", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21691" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21691", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21691" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a 
possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", 
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": 
"CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Creating symbolic links is possible without the symlink permission" }, { "cve": "CVE-2021-21692", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020339" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path which may allow an attacker who has access to these operations to be able to read and write to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", 
"8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", 
"8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21692" }, { "category": "external", "summary": "RHBZ#2020339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020339" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21692", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21692" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21692" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For 
OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", 
"8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path" }, { "cve": "CVE-2021-21693", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", 
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", 
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020341" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The permissions to create temporary files are only checked after they have been created. 
This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21693" }, { "category": "external", "summary": "RHBZ#2020341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21693", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21693" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a 
possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", 
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": 
"CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created." }, { "cve": "CVE-2021-21694", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", 
"8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020342" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions, which may allow an attacker who has access to any of these operations to be able to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", 
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", 
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21694" }, { "category": "external", "summary": "RHBZ#2020342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020342" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21694", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21694" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21694", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21694" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], 
"release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", 
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", 
"privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions" }, { "cve": "CVE-2021-21695", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", 
"8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020343" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The FilePath#listFiles lists files outside directories with agent read access when following symbolic links. This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", 
"8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", 
"8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21695" }, { "category": "external", "summary": "RHBZ#2020343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21695", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21695" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For 
OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", 
"8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links." 
}, { "cve": "CVE-2021-21696", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", 
"8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020344" } ], "notes": [ { "category": "description", "text": "An incorrect 
permissions validation vulnerability was found in Jenkins. An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with a modified variant, resulting in unsandboxed code execution in the Jenkins controller process.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", 
"8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21696" }, { "category": "external", "summary": "RHBZ#2020344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020344" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21696", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21696" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21696", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21696" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available 
at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", 
"8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", 
"8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin" }, { "cve": "CVE-2021-21697", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", 
"8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", 
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020345" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in Jenkins. The directories agents are allowed to access include the directories where there are stored build-related information intended to allow agents to store build-related metadata during build execution. 
As a consequence, an attacker who controls an agent process can read and write the contents of any build directory stored in Jenkins with very few restrictions (the restrictions cover only build.xml and some Pipeline-related metadata).", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent-to-controller access control allows reading/writing most content of build directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", 
"8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21697" }, { "category": "external", "summary": "RHBZ#2020345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020345" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21697", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21697" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21697", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21697" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", 
"8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", 
"8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent-to-controller access control allows reading/writing most content of build directories" }, { "cve": "CVE-2021-21698", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", 
"8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020385" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent\u0027s ability to learn the name of a file is not restricted when looking up a subversion key file on the controller. 
This allows attackers in control of agent processes to read arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", 
"8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21698" }, { "category": "external", "summary": "RHBZ#2020385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020385" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21698", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21698" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21698", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21698" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2021:4829" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key" } ] }
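The product_status block of each entry above (the fixed and known_not_affected lists of Red Hat product IDs) is the part an operator actually has to act on, and the product IDs follow one shape: product branch, colon, then an RPM NEVRA (name-epoch:version-release.arch). The following Python is an added example, not Red Hat's or Jenkins' code: it parses those product IDs, compares an installed package against the fixed build with a segment-wise version comparison in the style of rpmvercmp, and classifies it as fixed, vulnerable, not affected or unknown. The CSAF_VULN dict is a hand-made excerpt of the CVE-2021-21696 entry (three product IDs kept from the page), the pre-fix build string in the demo is constructed, and the rpmvercmp here omits the tilde and caret rules of the real implementation.

```python
"""Classify an installed RPM against the product_status of a Red Hat CSAF
vulnerability entry.  Added example for this page; not Red Hat or Jenkins code."""
import re
from itertools import zip_longest

# Constructed excerpt of the advisory's vulnerabilities[] entry for CVE-2021-21696:
# the two fixed product IDs are the ones listed on the page, and jenkins-2-plugins
# is one of the known_not_affected entries there.
CSAF_VULN = {
    "cve": "CVE-2021-21696",
    "product_status": {
        "fixed": [
            "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch",
            "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src",
        ],
        "known_not_affected": [
            "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch",
        ],
    },
}

# name-epoch:version-release.arch, the shape printed by
# rpm -q --qf '%{NAME}-%{EPOCHNUM}:%{VERSION}-%{RELEASE}.%{ARCH}'
NEVRA_RE = re.compile(
    r"^(?P<name>.+?)-(?P<epoch>\d+):(?P<version>[^-]+)-(?P<release>[^-]+)\.(?P<arch>[^.]+)$"
)


def parse_nevra(nevra: str) -> dict:
    m = NEVRA_RE.match(nevra)
    if not m:
        raise ValueError(f"not a NEVRA string: {nevra!r}")
    return m.groupdict()


def parse_product_id(product_id: str) -> dict:
    """Red Hat CSAF product IDs are '<product branch>:<NEVRA>'."""
    branch, _, nevra = product_id.partition(":")
    d = parse_nevra(nevra)
    d["branch"] = branch
    return d


def _segments(s: str) -> list:
    # rpmvercmp compares runs of digits and runs of letters; everything else separates them.
    return re.findall(r"\d+|[A-Za-z]+", s)


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp (no '~' or '^' handling): returns -1, 0 or 1."""
    if a == b:
        return 0
    for x, y in zip_longest(_segments(a), _segments(b)):
        if x is None:
            return -1          # a ran out of segments first, so a is older
        if y is None:
            return 1
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif xd != yd:
            return 1 if xd else -1   # a numeric segment sorts after an alphabetic one
        elif x != y:
            return 1 if x > y else -1
    return 0


def nevra_cmp(a: dict, b: dict) -> int:
    """Compare two parsed packages by epoch, then version, then release."""
    ea, eb = int(a["epoch"]), int(b["epoch"])
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(a["version"], b["version"]) or rpmvercmp(a["release"], b["release"])


def assess(vuln: dict, branch: str, installed: str) -> str:
    """Classify one installed package for one CSAF vulnerability entry.

    Returns 'fixed', 'vulnerable', 'not_affected' or 'unknown'.  Only packages the
    entry names for the given product branch and arch are classified; anything
    else is reported as 'unknown' rather than silently treated as fixed."""
    inst = parse_nevra(installed)
    status = vuln["product_status"]

    def same_package(p: dict) -> bool:
        return p["branch"] == branch and p["name"] == inst["name"] and p["arch"] == inst["arch"]

    for pid in status.get("known_not_affected", []):
        if same_package(parse_product_id(pid)):
            return "not_affected"
    for pid in status.get("fixed", []):
        p = parse_product_id(pid)
        if same_package(p):
            return "fixed" if nevra_cmp(inst, p) >= 0 else "vulnerable"
    return "unknown"


if __name__ == "__main__":
    for pkg in (
        "jenkins-0:2.303.2.1634730742-1.el8.noarch",   # constructed pre-fix build
        "jenkins-0:2.303.3.1637596565-1.el8.noarch",   # the errata build from the page
        "jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch",
    ):
        print(f"{CSAF_VULN['cve']} {pkg}: {assess(CSAF_VULN, '8Base-RHOSE-4.8', pkg)}")
```

Feed assess() the string printed by rpm -q --qf '%{NAME}-%{EPOCHNUM}:%{VERSION}-%{RELEASE}.%{ARCH}\n' jenkins on the node or image, with the product branch taken from the advisory. A package the entry does not name for that branch and arch comes back as unknown, which is the right default when scanning a whole package list: the known_not_affected list exists precisely so that silence cannot be read as "fixed".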
rhsa-2021_4827
Vulnerability from csaf_redhat
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 3.11.569 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nSecurity Fix(es):\n\n* jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key (CVE-2021-21698)\n* jenkins: FilePath#mkdirs does not check permission to create parent directories (CVE-2021-21685)\n* jenkins: File path filters do not canonicalize paths, allowing operations\nto follow symbolic links to outside allowed directories (CVE-2021-21686)\n* jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link (CVE-2021-21687)\n* jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access (CVE-2021-21688)\n* jenkins: FilePath#unzip and FilePath#untar were not subject to any access control (CVE-2021-21689)\n* jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path\n(CVE-2021-21690)\n* jenkins: Creating symbolic links 
is possible without the symlink permission (CVE-2021-21691)\n* jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path (CVE-2021-21692)\n* jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created. (CVE-2021-21693)\n* jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any\npermissions (CVE-2021-21694)\n* jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links. (CVE-2021-21695)\n* jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin (CVE-2021-21696)\n* jenkins: Agent-to-controller access control allows reading/writing most content of build directories (CVE-2021-21697)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:4827", "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1920894", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920894" }, { "category": "external", "summary": "2002671", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2002671" }, { "category": "external", "summary": "2002909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2002909" }, { "category": "external", "summary": "2003491", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003491" }, { "category": "external", "summary": "2013496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013496" }, { "category": "external", "summary": "2016467", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016467" }, { "category": "external", "summary": "2020322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020322" }, { "category": "external", "summary": "2020323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020323" }, { "category": "external", "summary": "2020324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020324" }, { "category": "external", "summary": "2020327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020327" }, { "category": "external", "summary": "2020335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020335" }, { "category": "external", 
"summary": "2020336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020336" }, { "category": "external", "summary": "2020338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020338" }, { "category": "external", "summary": "2020339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020339" }, { "category": "external", "summary": "2020341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020341" }, { "category": "external", "summary": "2020342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020342" }, { "category": "external", "summary": "2020343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020343" }, { "category": "external", "summary": "2020344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020344" }, { "category": "external", "summary": "2020345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020345" }, { "category": "external", "summary": "2020385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020385" }, { "category": "external", "summary": "2026193", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026193" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4827.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 3.11.569 security update", "tracking": { "current_release_date": "2024-11-06T00:12:18+00:00", "generator": { "date": "2024-11-06T00:12:18+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:4827", "initial_release_date": "2021-12-02T22:04:06+00:00", "revision_history": [ { "date": "2021-12-02T22:04:06+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-12-02T22:04:06+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T00:12:18+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { 
"category": "product_name", "name": "Red Hat OpenShift Container Platform 3.11", "product": { "name": "Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:3.11::el7" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.303.3.1637698110-1.el7.src", "product": { "name": "jenkins-0:2.303.3.1637698110-1.el7.src", "product_id": "jenkins-0:2.303.3.1637698110-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.303.3.1637698110-1.el7?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "product": { "name": "jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "product_id": "jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@3.11.1637699107-1.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "product": { "name": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "product_id": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.569-1.g2e6be86.el7?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "product": { "name": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "product_id": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift@3.11.569-1.git.0.9dc951a.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "product": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", 
"product_id": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.569-1.g99b2acf.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "product": { "name": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "product_id": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.569-1.gd435537.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "product": { "name": "atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "product_id": "atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.569-1.g3571208.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "product": { "name": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "product_id": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.569-1.gf8bf728.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "product": { "name": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "product_id": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.569-1.gc8f26da.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "product": { "name": 
"atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "product_id": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.569-1.g39cfc66.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "product": { "name": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "product_id": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.569-1.g3e485e6.el7?arch=src" } } }, { "category": "product_version", "name": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "product": { "name": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "product_id": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.569-1.gedebe84.el7?arch=src" } } }, { "category": "product_version", "name": "golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "product": { "name": "golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "product_id": "golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.569-1.g13de638.el7?arch=src" } } }, { "category": "product_version", "name": "golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "product": { "name": "golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "product_id": "golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.569-1.g609cd20.el7?arch=src" } } }, { "category": "product_version", "name": 
"golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "product": { "name": "golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "product_id": "golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.569-1.g99aae51.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "product": { "name": "openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "product_id": "openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible@3.11.569-1.git.0.9620ba1.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "product": { "name": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "product_id": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.569-1.gf2f435d.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "product": { "name": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "product_id": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.569-1.g22be164.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "product": { "name": "openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "product_id": "openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr@3.11.569-1.g0c4bf66.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": 
"product_version", "name": "jenkins-0:2.303.3.1637698110-1.el7.noarch", "product": { "name": "jenkins-0:2.303.3.1637698110-1.el7.noarch", "product_id": "jenkins-0:2.303.3.1637698110-1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.303.3.1637698110-1.el7?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "product": { "name": "jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "product_id": "jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@3.11.1637699107-1.el7?arch=noarch" } } }, { "category": "product_version", "name": "atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "product": { "name": "atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "product_id": "atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.11.569-1.git.0.9dc951a.el7?arch=noarch" } } }, { "category": "product_version", "name": "atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "product": { "name": "atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "product_id": "atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.11.569-1.git.0.9dc951a.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product": { "name": "openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product_id": "openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible@3.11.569-1.git.0.9620ba1.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", 
"product": { "name": "openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product_id": "openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible-docs@3.11.569-1.git.0.9620ba1.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product": { "name": "openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product_id": "openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.11.569-1.git.0.9620ba1.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product": { "name": "openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product_id": "openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible-roles@3.11.569-1.git.0.9620ba1.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product": { "name": "openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product_id": "openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible-test@3.11.569-1.git.0.9620ba1.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "product": { "name": "openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "product_id": "openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-cni@3.11.569-1.g0c4bf66.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "product": { 
"name": "openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "product_id": "openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-common@3.11.569-1.g0c4bf66.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "product": { "name": "openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "product_id": "openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-controller@3.11.569-1.g0c4bf66.el7?arch=noarch" } } }, { "category": "product_version", "name": "python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch", "product": { "name": "python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch", "product_id": "python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python2-kuryr-kubernetes@3.11.569-1.g0c4bf66.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "product": { "name": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "product_id": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.569-1.g2e6be86.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "product": { "name": "atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "product_id": "atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@3.11.569-1.g2e6be86.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product": { "name": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_id": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift@3.11.569-1.git.0.9dc951a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product": { "name": "atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_id": "atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.11.569-1.git.0.9dc951a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product": { "name": "atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_id": "atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.11.569-1.git.0.9dc951a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product": { "name": "atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_id": "atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-hyperkube@3.11.569-1.git.0.9dc951a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product": { "name": "atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_id": 
"atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-hypershift@3.11.569-1.git.0.9dc951a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product": { "name": "atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_id": "atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-master@3.11.569-1.git.0.9dc951a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product": { "name": "atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_id": "atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node@3.11.569-1.git.0.9dc951a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product": { "name": "atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_id": "atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.11.569-1.git.0.9dc951a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product": { "name": "atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_id": "atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.11.569-1.git.0.9dc951a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product": { "name": 
"atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_id": "atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.11.569-1.git.0.9dc951a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product": { "name": "atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_id": "atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.11.569-1.git.0.9dc951a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "product": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "product_id": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.569-1.g99b2acf.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "product": { "name": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "product_id": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.569-1.gd435537.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "product": { "name": "atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "product_id": "atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.569-1.g3571208.el7?arch=x86_64" } } }, { "category": 
"product_version", "name": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "product": { "name": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "product_id": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.569-1.gf8bf728.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "product": { "name": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "product_id": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.569-1.gc8f26da.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "product": { "name": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "product_id": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.569-1.g39cfc66.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "product": { "name": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "product_id": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.569-1.g3e485e6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "product": { "name": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "product_id": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.569-1.gedebe84.el7?arch=x86_64" } } }, { "category": "product_version", "name": "prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "product": { "name": "prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "product_id": "prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus-alertmanager@3.11.569-1.g13de638.el7?arch=x86_64" } } }, { "category": "product_version", "name": "prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "product": { "name": "prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "product_id": "prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus-node-exporter@3.11.569-1.g609cd20.el7?arch=x86_64" } } }, { "category": "product_version", "name": "prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "product": { "name": "prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "product_id": "prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus@3.11.569-1.g99aae51.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "product": { "name": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "product_id": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.569-1.gf2f435d.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "product": { "name": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "product_id": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.569-1.g22be164.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "product": { "name": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "product_id": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.569-1.g2e6be86.el7?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "product": { "name": "atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "product_id": "atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@3.11.569-1.g2e6be86.el7?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product": { "name": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_id": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift@3.11.569-1.git.0.9dc951a.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product": { "name": "atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_id": "atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.11.569-1.git.0.9dc951a.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product": { "name": 
"atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_id": "atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-hyperkube@3.11.569-1.git.0.9dc951a.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product": { "name": "atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_id": "atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-hypershift@3.11.569-1.git.0.9dc951a.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product": { "name": "atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_id": "atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-master@3.11.569-1.git.0.9dc951a.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product": { "name": "atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_id": "atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node@3.11.569-1.git.0.9dc951a.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product": { "name": "atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_id": "atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.11.569-1.git.0.9dc951a.el7?arch=ppc64le" } } }, { "category": "product_version", "name": 
"atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product": { "name": "atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_id": "atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.11.569-1.git.0.9dc951a.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product": { "name": "atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_id": "atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.11.569-1.git.0.9dc951a.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product": { "name": "atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_id": "atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.11.569-1.git.0.9dc951a.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "product": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "product_id": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.569-1.g99b2acf.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "product": { "name": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "product_id": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/atomic-openshift-descheduler@3.11.569-1.gd435537.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "product": { "name": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "product_id": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.569-1.gf8bf728.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "product": { "name": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "product_id": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.569-1.gc8f26da.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "product": { "name": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "product_id": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.569-1.g39cfc66.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "product": { "name": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "product_id": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.569-1.g3e485e6.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "product": { "name": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "product_id": 
"golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.569-1.gedebe84.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "product": { "name": "prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "product_id": "prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus-alertmanager@3.11.569-1.g13de638.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "product": { "name": "prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "product_id": "prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus-node-exporter@3.11.569-1.g609cd20.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "product": { "name": "prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "product_id": "prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus@3.11.569-1.g99aae51.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "product": { "name": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "product_id": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.569-1.gf2f435d.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "product": { "name": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "product_id": 
"openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.569-1.g22be164.el7?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le" }, "product_reference": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src" }, "product_reference": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64" }, "product_reference": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": 
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le" }, "product_reference": "atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64" }, "product_reference": "atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le" }, "product_reference": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src" }, "product_reference": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64" }, "product_reference": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, 
{ "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le" }, "product_reference": "atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64" }, "product_reference": "atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64" }, "product_reference": "atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le" }, "product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src as 
a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src" }, "product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64" }, "product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le" }, "product_reference": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src" }, "product_reference": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64" }, "product_reference": 
"atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch" }, "product_reference": "atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src" }, "product_reference": "atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64" }, "product_reference": "atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch" }, "product_reference": "atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", 
"full_product_name": { "name": "atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le" }, "product_reference": "atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64" }, "product_reference": "atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le" }, "product_reference": "atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64" }, "product_reference": "atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": 
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le" }, "product_reference": "atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64" }, "product_reference": "atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le" }, "product_reference": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src" }, "product_reference": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64" }, "product_reference": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", 
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le" }, "product_reference": "atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64" }, "product_reference": "atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le" }, "product_reference": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src" }, "product_reference": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": 
"atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64" }, "product_reference": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le" }, "product_reference": "atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64" }, "product_reference": "atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le" }, "product_reference": "atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": 
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64" }, "product_reference": "atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le" }, "product_reference": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src" }, "product_reference": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64" }, "product_reference": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le" }, "product_reference": 
"atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64" }, "product_reference": "atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le" }, "product_reference": "atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64" }, "product_reference": "atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le" }, "product_reference": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": 
"default_component_of", "full_product_name": { "name": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src" }, "product_reference": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64" }, "product_reference": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le" }, "product_reference": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src" }, "product_reference": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", 
"product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64" }, "product_reference": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src" }, "product_reference": "golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src" }, "product_reference": "golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src" }, "product_reference": "golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.303.3.1637698110-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch" }, "product_reference": "jenkins-0:2.303.3.1637698110-1.el7.noarch", 
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.303.3.1637698110-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" }, "product_reference": "jenkins-0:2.303.3.1637698110-1.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch" }, "product_reference": "jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:3.11.1637699107-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src" }, "product_reference": "jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch" }, "product_reference": "openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src" }, "product_reference": 
"openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch" }, "product_reference": "openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch" }, "product_reference": "openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch" }, "product_reference": "openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch" }, "product_reference": "openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": 
"openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le" }, "product_reference": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src" }, "product_reference": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64" }, "product_reference": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le" }, "product_reference": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": 
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src" }, "product_reference": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64" }, "product_reference": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src" }, "product_reference": "openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch" }, "product_reference": "openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch" }, "product_reference": "openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", 
"full_product_name": { "name": "openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch" }, "product_reference": "openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-0:3.11.569-1.g99aae51.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le" }, "product_reference": "prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-0:3.11.569-1.g99aae51.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64" }, "product_reference": "prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le" }, "product_reference": "prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64" }, "product_reference": "prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", 
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le" }, "product_reference": "prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64" }, "product_reference": "prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" }, "product_reference": "python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-21685", "cwe": { "id": "CWE-281", "name": "Improper Preservation of Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020322" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
The FilePath#mkdirs does not check permission to create parent directories, which may allow an attacker who controls the agent process to get read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#mkdirs does not check permission to create parent directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", 
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21685" }, { "category": "external", "summary": "RHBZ#2020322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020322" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21685", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21685" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21685", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21685" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. 
Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", 
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#mkdirs does not check permission to create parent directories" }, { "cve": "CVE-2021-21686", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020323" } ], "notes": [ { "category": "description", "text": "A link following vulnerability was found in Jenkins. The file path filters do not canonicalize paths allowing operations to follow symbolic links to directories they are not supposed to have access to. This may allow an attacker to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21686" }, { "category": "external", "summary": "RHBZ#2020323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020323" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21686", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21686" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21686", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21686" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your 
cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", 
"7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories" }, { "cve": "CVE-2021-21687", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", 
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020324" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link, which may allow an attacker to get read and write access to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21687" }, { "category": "external", "summary": "RHBZ#2020324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21687", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21687" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your 
cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", 
"7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link" }, { "cve": "CVE-2021-21688", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", 
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020327" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in Jenkins. The FilePath#reading(FileVisitor) does not reject any operations giving users unrestricted read access with certain operations (creating archives, #copyRecursiveTo). This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21688" }, { "category": "external", "summary": "RHBZ#2020327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21688", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21688" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21688", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21688" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your 
cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", 
"7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access" }, { "cve": "CVE-2021-21689", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", 
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020335" } ], "notes": [ { "category": "description", "text": "An incorrect access control vulnerability was found in Jenkins. The FilePath#unzip and FilePath#untar were not subjected to any access control. An attacker with access to FilePath#unzip or FilePath#untar operations is able to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#unzip and FilePath#untar were not subject to any access control", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21689" }, { "category": "external", "summary": "RHBZ#2020335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020335" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21689", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21689" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21689", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21689" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your 
cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", 
"7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#unzip and FilePath#untar were not subject to any access control" }, { "cve": "CVE-2021-21690", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", 
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020336" } ], "notes": [ { "category": "description", "text": "A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21690" }, { "category": "external", "summary": "RHBZ#2020336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020336" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21690", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21690" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21690", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21690" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously 
released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", 
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path" }, { "cve": "CVE-2021-21691", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", 
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020338" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jenkins which failed to correctly validate permissions. This flaw allowed any user to create symbolic links regardless if they had the symlink permission. 
It may allow an attacker to read and write to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Creating symbolic links is possible without the symlink permission", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", 
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21691" }, { "category": "external", "summary": "RHBZ#2020338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020338" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21691", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21691" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21691", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21691" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. 
Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", 
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Creating symbolic links is possible without the symlink permission" }, { "cve": "CVE-2021-21692", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", 
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020339" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path which may allow an attacker who has access to these operations to be able to read and write to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", 
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21692" }, { "category": "external", "summary": "RHBZ#2020339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020339" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21692", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21692" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21692" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata 
update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", 
"7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path" }, { "cve": "CVE-2021-21693", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", 
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020341" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The permissions to create temporary files are only checked after they have been created. This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21693" }, { "category": "external", "summary": "RHBZ#2020341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21693", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21693" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your 
cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", 
"7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created." }, { "cve": "CVE-2021-21694", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", 
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020342" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions, which may allow an attacker who has access to any of these operations to be able to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21694" }, { "category": "external", "summary": "RHBZ#2020342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020342" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21694", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21694" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21694", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21694" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously 
released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", 
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions" }, { "cve": "CVE-2021-21695", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020343" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The FilePath#listFiles lists files outside directories with agent read access when following symbolic links. 
This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", 
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21695" }, { "category": "external", "summary": "RHBZ#2020343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21695", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21695" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. 
Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", 
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links." }, { "cve": "CVE-2021-21696", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020344" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. Agent process read/write access to the libs/ directory inside build directories is not limited when using the FilePath APIs. This allows attackers in control of agent processes to replace the code of a trusted library with a modified variant, resulting in unsandboxed code execution in the Jenkins controller process.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21696" }, { "category": "external", "summary": "RHBZ#2020344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020344" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21696", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21696" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21696", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21696" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously 
released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", 
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin" }, { "cve": "CVE-2021-21697", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020345" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in Jenkins. The directories agents are allowed to access include the directories where build-related information is stored, intended to allow agents to store build-related metadata during build execution. As a consequence, this allows an attacker who controls an agent process to read and write the contents of any build directory stored in Jenkins with very few restrictions (build.xml and some Pipeline-related metadata).", "title": "Vulnerability description" },
{ "category": "summary", "text": "jenkins: Agent-to-controller access control allows reading/writing most content of build directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", 
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21697" }, { "category": "external", "summary": "RHBZ#2020345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020345" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21697", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21697" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21697", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21697" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. 
Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", 
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent-to-controller access control allows reading/writing most content of build directories" }, { "cve": "CVE-2021-21698", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020385" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent\u0027s ability to learn the name of a file is not restricted when looking up a subversion key file on the controller. This may allow attackers to control agent processes and read arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21698" }, { "category": "external", "summary": "RHBZ#2020385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020385" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21698", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21698" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21698", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21698" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your 
cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key" } ] }
rhsa-2021_4801
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.7.38 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.7.38. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:4802\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. 
Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\nSecurity Fix(es):\n\n* jenkins-2-plugins/subversion: does not restrict the name of a file when\nlooking up a subversion key (CVE-2021-21698)\n* jenkins: FilePath#mkdirs does not check permission to create parent\ndirectories (CVE-2021-21685)\n* jenkins: File path filters do not canonicalize paths, allowing operations\nto follow symbolic links to outside allowed directories (CVE-2021-21686)\n* jenkins: FilePath#untar does not check permission to create symbolic\nlinks when unarchiving a symbolic link (CVE-2021-21687)\n* jenkins: FilePath#reading(FileVisitor) does not reject any operations\nallowing users to have unrestricted read access (CVE-2021-21688)\n* jenkins: FilePath#unzip and FilePath#untar were not subject to any access\ncontrol (CVE-2021-21689)\n* jenkins: Agent processes are able to completely bypass file path\nfiltering by wrapping the file operation in an agent file path\n(CVE-2021-21690)\n* jenkins: Creating symbolic links is possible without the symlink\npermission (CVE-2021-21691)\n* jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo\nonly check read permission on the source path (CVE-2021-21692)\n* jenkins: When creating temporary files, permission to create files is\nonly checked after they\u2019ve been created. (CVE-2021-21693)\n* jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize,\nFilePath#isDescendant, and FilePath#get*DiskSpace do not check any\npermissions (CVE-2021-21694)\n* jenkins: FilePath#listFiles lists files outside directories with agent\nread access when following symbolic links. 
(CVE-2021-21695)\n* jenkins: Agent-to-controller access control allowed writing to sensitive\ndirectory used by Pipeline: Shared Groovy Libraries Plugin (CVE-2021-21696)\n* jenkins: Agent-to-controller access control allows reading/writing most\ncontent of build directories (CVE-2021-21697)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s)\nlisted in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:4801", "url": "https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2020322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020322" }, { "category": "external", "summary": "2020323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020323" }, { "category": "external", "summary": "2020324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020324" }, { "category": "external", "summary": "2020327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020327" }, { "category": 
"external", "summary": "2020335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020335" }, { "category": "external", "summary": "2020336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020336" }, { "category": "external", "summary": "2020338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020338" }, { "category": "external", "summary": "2020339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020339" }, { "category": "external", "summary": "2020341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020341" }, { "category": "external", "summary": "2020342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020342" }, { "category": "external", "summary": "2020343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020343" }, { "category": "external", "summary": "2020344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020344" }, { "category": "external", "summary": "2020345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020345" }, { "category": "external", "summary": "2020385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020385" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4801.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.7.38 security update", "tracking": { "current_release_date": "2024-11-06T00:11:59+00:00", "generator": { "date": "2024-11-06T00:11:59+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:4801", "initial_release_date": "2021-12-01T12:28:59+00:00", "revision_history": [ { "date": "2021-12-01T12:28:59+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-12-01T12:28:59+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T00:11:59+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": 
[ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.7", "product": { "name": "Red Hat OpenShift Container Platform 4.7", "product_id": "7Server-RH7-RHOSE-4.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.7::el7" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.7", "product": { "name": "Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.7::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "product": { "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "product_id": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.20.6-3.rhaos4.7.git4603183.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "product": { "name": "openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "product_id": "openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7?arch=src" } } }, { "category": "product_version", "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "product": { "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "product_id": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.20.6-3.rhaos4.7.git4603183.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-0:2.303.3.1637597018-1.el8.src", "product": { "name": "jenkins-0:2.303.3.1637597018-1.el8.src", "product_id": "jenkins-0:2.303.3.1637597018-1.el8.src", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/jenkins@2.303.3.1637597018-1.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "product_id": "jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.7.1637600997-1.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "product": { "name": "openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "product_id": "openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "product": { "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "product_id": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.20.6-3.rhaos4.7.git4603183.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "product": { "name": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "product_id": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.6-3.rhaos4.7.git4603183.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "product": { "name": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "product_id": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/openshift-hyperkube@4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "product": { "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "product_id": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.20.6-3.rhaos4.7.git4603183.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "product": { "name": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "product_id": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.6-3.rhaos4.7.git4603183.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "product": { "name": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "product_id": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.6-3.rhaos4.7.git4603183.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64", "product": { "name": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64", "product_id": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "product": { "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "product_id": 
"cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.20.6-3.rhaos4.7.git4603183.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "product": { "name": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "product_id": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.6-3.rhaos4.7.git4603183.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "product": { "name": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "product_id": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.6-3.rhaos4.7.git4603183.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "product": { "name": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "product_id": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "product": { "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "product_id": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.20.6-3.rhaos4.7.git4603183.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "product": { "name": 
"cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "product_id": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.6-3.rhaos4.7.git4603183.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "product": { "name": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "product_id": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.6-3.rhaos4.7.git4603183.el8?arch=s390x" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "product": { "name": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "product_id": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.303.3.1637597018-1.el8.noarch", "product": { "name": "jenkins-0:2.303.3.1637597018-1.el8.noarch", "product_id": "jenkins-0:2.303.3.1637597018-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.303.3.1637597018-1.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.7.1637600997-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": 
"default_component_of", "full_product_name": { "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src" }, "product_reference": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64" }, "product_reference": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src" }, "product_reference": "openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64" }, 
"product_reference": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le" }, "product_reference": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x" }, "product_reference": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src" }, "product_reference": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64" }, "product_reference": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le" }, 
"product_reference": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x" }, "product_reference": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le" }, "product_reference": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x" }, "product_reference": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64 as a component of Red Hat OpenShift Container Platform 
4.7", "product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64" }, "product_reference": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.303.3.1637597018-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch" }, "product_reference": "jenkins-0:2.303.3.1637597018-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.303.3.1637597018-1.el8.src as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" }, "product_reference": "jenkins-0:2.303.3.1637597018-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.7.1637600997-1.el8.src as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.7", "product_id": 
"8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src" }, "product_reference": "openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le" }, "product_reference": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x" }, "product_reference": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" }, "product_reference": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.7" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-21685", "cwe": { "id": "CWE-281", "name": "Improper Preservation of Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", 
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020322" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
The FilePath#mkdirs does not check permission to create parent directories, which may allow an attacker who controls the agent process to get read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#mkdirs does not check permission to create parent directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", 
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21685" }, { "category": "external", "summary": "RHBZ#2020322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020322" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21685", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21685" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21685", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21685" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ 
"8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", 
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#mkdirs does not check permission to create parent directories" }, { "cve": "CVE-2021-21686", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", 
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020323" } ], "notes": [ { "category": "description", "text": "A link following vulnerability was found in Jenkins. The file path filters do not canonicalize paths allowing operations to follow symbolic links to directories they are not supposed to have access to. 
This may allow an attacker to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", 
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21686" }, { "category": "external", "summary": "RHBZ#2020323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020323" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21686", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21686" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21686", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21686" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], 
"restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", 
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories" }, { "cve": "CVE-2021-21687", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", 
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020324" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
The FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link, which may allow an attacker to get read and write access to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", 
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21687" }, { "category": "external", "summary": "RHBZ#2020324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21687", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21687" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ 
"8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", 
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link" }, { "cve": "CVE-2021-21688", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", 
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020327" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in Jenkins. The FilePath#reading(FileVisitor) does not reject any operations giving users unrestricted read access with certain operations (creating archives, #copyRecursiveTo). 
This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", 
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21688" }, { "category": "external", "summary": "RHBZ#2020327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21688", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21688" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21688", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21688" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", 
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access" }, { "cve": "CVE-2021-21689", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", 
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020335" } ], "notes": [ { "category": "description", "text": "An incorrect access control vulnerability was found in Jenkins. The FilePath#unzip and FilePath#untar were not subjected to any access control. 
An attacker with access to FilePath#unzip or FilePath#untar operations is able to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#unzip and FilePath#untar were not subject to any access control", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", 
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21689" }, { "category": "external", "summary": "RHBZ#2020335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020335" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21689", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21689" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21689", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21689" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], 
"restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", 
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#unzip and FilePath#untar were not subject to any access control" }, { "cve": "CVE-2021-21690", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", 
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020336" } ], "notes": [ { "category": "description", "text": "A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. 
This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", 
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21690" }, { "category": "external", "summary": "RHBZ#2020336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020336" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21690", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21690" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21690", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21690" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], 
"restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", 
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path" }, { "cve": "CVE-2021-21691", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", 
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020338" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jenkins which failed to correctly validate permissions. This flaw allowed any user to create symbolic links regardless if they had the symlink permission. 
It may allow an attacker to read and write to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Creating symbolic links is possible without the symlink permission", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", 
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21691" }, { "category": "external", "summary": "RHBZ#2020338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020338" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21691", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21691" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21691", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21691" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", 
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Creating symbolic links is possible without the symlink permission" }, { "cve": "CVE-2021-21692", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", 
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020339" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path which may allow an attacker who has access to these operations to be able to read and write to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", 
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21692" }, { "category": "external", "summary": "RHBZ#2020339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020339" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21692", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21692" }, { "category": "external", "summary": 
"https://nvd.nist.gov/vuln/detail/CVE-2021-21692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21692" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, 
"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path" }, { "cve": "CVE-2021-21693", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", 
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020341" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The permissions to create temporary files are only checked after they have been created. This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", 
"8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21693" }, { "category": "external", "summary": "RHBZ#2020341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21693", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21693" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": 
"2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, 
"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created." }, { "cve": "CVE-2021-21694", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", 
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020342" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions, which may allow an attacker who has access to any of these operations to be able to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", 
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21694" }, { "category": "external", "summary": "RHBZ#2020342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020342" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21694", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21694" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21694", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21694" }, { 
"category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, 
"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions" }, { "cve": "CVE-2021-21695", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", 
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020343" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The FilePath#listFiles lists files outside directories with agent read access when following symbolic links. This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", 
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21695" }, { "category": "external", "summary": "RHBZ#2020343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21695", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21695" }, { "category": "external", "summary": 
"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, 
"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links." }, { "cve": "CVE-2021-21696", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", 
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020344" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with a modified variant, resulting in unsandboxed code execution in the Jenkins controller process.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", 
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21696" }, { "category": "external", "summary": "RHBZ#2020344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020344" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21696", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21696" }, { "category": "external", "summary": 
"https://nvd.nist.gov/vuln/detail/CVE-2021-21696", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21696" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, 
"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin" }, { "cve": "CVE-2021-21697", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", 
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020345" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in Jenkins. The directories agents are allowed to access include the directories where there are stored build-related information intended to allow agents to store build-related metadata during build execution. As a consequence, this allows an attacker who controls agent process to read and write the contents of any build directory stored in Jenkins with very few restrictions (build.xml and some Pipeline-related metadata).", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent-to-controller access control allows reading/writing most content of build directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", 
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21697" }, { "category": "external", "summary": "RHBZ#2020345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020345" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21697", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21697" 
}, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21697", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21697" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, 
"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent-to-controller access control allows reading/writing most content of build directories" }, { "cve": "CVE-2021-21698", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", 
"8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020385" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent\u0027s ability to learn the name of a file is not restricted when looking up a subversion key file on the controller. This may allow attackers to control agent processes and read arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", 
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21698" }, { "category": "external", "summary": "RHBZ#2020385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020385" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21698", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21698" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21698", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21698" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506", 
"url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4801" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key" } ] }
rhsa-2021_4833
Vulnerability from csaf_redhat
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.9.9 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.9. 
See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHSA-2021:4834\n\nSecurity Fix(es):\n\n* jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key (CVE-2021-21698)\n* jenkins: FilePath#mkdirs does not check permission to create parent directories (CVE-2021-21685)\n* jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories (CVE-2021-21686)\n* jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link (CVE-2021-21687)\n* jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access (CVE-2021-21688)\n* jenkins: FilePath#unzip and FilePath#untar were not subject to any access control (CVE-2021-21689)\n* jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path (CVE-2021-21690)\n* jenkins: Creating symbolic links is possible without the symlink permission (CVE-2021-21691)\n* jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path (CVE-2021-21692)\n* jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created. (CVE-2021-21693)\n* jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions (CVE-2021-21694)\n* jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links. 
(CVE-2021-21695)\n* jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin (CVE-2021-21696)\n* jenkins: Agent-to-controller access control allows reading/writing most content of build directories (CVE-2021-21697)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:4833", "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2020322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020322" }, { "category": "external", "summary": "2020323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020323" }, { "category": "external", "summary": "2020324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020324" }, { "category": "external", "summary": "2020327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020327" }, { "category": 
"external", "summary": "2020335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020335" }, { "category": "external", "summary": "2020336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020336" }, { "category": "external", "summary": "2020338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020338" }, { "category": "external", "summary": "2020339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020339" }, { "category": "external", "summary": "2020341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020341" }, { "category": "external", "summary": "2020342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020342" }, { "category": "external", "summary": "2020343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020343" }, { "category": "external", "summary": "2020344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020344" }, { "category": "external", "summary": "2020345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020345" }, { "category": "external", "summary": "2020385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020385" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4833.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.9.9 security update", "tracking": { "current_release_date": "2024-11-06T00:11:48+00:00", "generator": { "date": "2024-11-06T00:11:48+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:4833", "initial_release_date": "2021-11-29T10:40:21+00:00", "revision_history": [ { "date": "2021-11-29T10:40:21+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-11-29T10:40:21+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T00:11:48+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": 
[ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.9", "product": { "name": "Red Hat OpenShift Container Platform 4.9", "product_id": "7Server-RH7-RHOSE-4.9", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.9::el7" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.9", "product": { "name": "Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.9::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "product": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "product_id": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.22.1-4.rhaos4.9.gite3dfe61.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "product": { "name": "openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "product_id": "openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7?arch=src" } } }, { "category": "product_version", "name": "container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "product": { "name": "container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "product_id": "container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/container-selinux@2.170.0-2.rhaos4.9.el8?arch=src\u0026epoch=2" } } }, { "category": "product_version", "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "product": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "product_id": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "product_identification_helper": { 
"purl": "pkg:rpm/redhat/cri-o@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-0:2.303.3.1637595827-1.el8.src", "product": { "name": "jenkins-0:2.303.3.1637595827-1.el8.src", "product_id": "jenkins-0:2.303.3.1637595827-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.303.3.1637595827-1.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "product_id": "jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.9.1637598812-1.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "product": { "name": "openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "product_id": "openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr@4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8?arch=src" } } }, { "category": "product_version", "name": "python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "product": { "name": "python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "product_id": "python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/python-sushy@3.12.1-0.20211122142104.806622c.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "product": { "name": "openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "product_id": "openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8?arch=src" } } } ], "category": 
"architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "product": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "product_id": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.22.1-4.rhaos4.9.gite3dfe61.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "product": { "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "product_id": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.22.1-4.rhaos4.9.gite3dfe61.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "product": { "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "product_id": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "product": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "product_id": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "product": { "name": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "product_id": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=x86_64" } } }, 
{ "category": "product_version", "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "product": { "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "product_id": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "product": { "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "product_id": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "product": { "name": "container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "product_id": "container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/container-selinux@2.170.0-2.rhaos4.9.el8?arch=noarch\u0026epoch=2" } } }, { "category": "product_version", "name": "jenkins-0:2.303.3.1637595827-1.el8.noarch", "product": { "name": "jenkins-0:2.303.3.1637595827-1.el8.noarch", "product_id": "jenkins-0:2.303.3.1637595827-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.303.3.1637595827-1.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.9.1637598812-1.el8?arch=noarch" } } }, { "category": "product_version", 
"name": "openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "product": { "name": "openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "product_id": "openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-cni@4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "product": { "name": "openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "product_id": "openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-common@4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "product": { "name": "openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "product_id": "openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-controller@4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "product": { "name": "python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "product_id": "python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-kuryr-kubernetes@4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": 
"python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "product": { "name": "python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "product_id": "python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-sushy@3.12.1-0.20211122142104.806622c.el8?arch=noarch" } } }, { "category": "product_version", "name": "python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch", "product": { "name": "python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch", "product_id": "python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-sushy-tests@3.12.1-0.20211122142104.806622c.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "product": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "product_id": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=aarch64" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "product": { "name": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "product_id": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=aarch64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "product": { "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "product_id": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=aarch64" } } }, { "category": 
"product_version", "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "product": { "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "product_id": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "product": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "product_id": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "product": { "name": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "product_id": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "product": { "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "product_id": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "product": { "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "product_id": 
"openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "product": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "product_id": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "product": { "name": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "product_id": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "product": { "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "product_id": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=s390x" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "product": { "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "product_id": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], 
"relationships": [ { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src" }, "product_reference": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64" }, "product_reference": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src" }, "product_reference": "openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.9", "product_id": 
"7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64" }, "product_reference": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch" }, "product_reference": "container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-selinux-2:2.170.0-2.rhaos4.9.el8.src as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src" }, "product_reference": "container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64" }, "product_reference": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le" }, "product_reference": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x as a component of Red Hat OpenShift Container Platform 
4.9", "product_id": "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x" }, "product_reference": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src" }, "product_reference": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64" }, "product_reference": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64" }, "product_reference": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le" }, "product_reference": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x as a component of Red Hat OpenShift Container Platform 
4.9", "product_id": "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x" }, "product_reference": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64" }, "product_reference": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le" }, "product_reference": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x" }, "product_reference": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": 
"cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64" }, "product_reference": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.303.3.1637595827-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch" }, "product_reference": "jenkins-0:2.303.3.1637595827-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.303.3.1637595827-1.el8.src as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" }, "product_reference": "jenkins-0:2.303.3.1637595827-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.9.1637598812-1.el8.src as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src as a component 
of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src" }, "product_reference": "openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64" }, "product_reference": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le" }, "product_reference": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x" }, "product_reference": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.9", "product_id": 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64" }, "product_reference": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src" }, "product_reference": "openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch" }, "product_reference": "openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch" }, "product_reference": "openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.9", "product_id": 
"8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch" }, "product_reference": "openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src" }, "product_reference": "python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch" }, "product_reference": "python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch" }, "product_reference": "python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" }, "product_reference": "python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch", 
"relates_to_product_reference": "8Base-RHOSE-4.9" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-21685", "cwe": { "id": "CWE-281", "name": "Improper Preservation of Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", 
"8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020322" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
The FilePath#mkdirs does not check permission to create parent directories, which may allow an attacker who controls the agent process to get read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#mkdirs does not check permission to create parent directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", 
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21685" }, { "category": "external", "summary": "RHBZ#2020322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020322" }, 
{ "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21685", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21685" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21685", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21685" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#mkdirs does not check permission to create parent directories" }, { "cve": "CVE-2021-21686", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "discovery_date": 
"2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020323" } ], "notes": [ { "category": "description", "text": "A link following vulnerability was found in Jenkins. The file path filters do not canonicalize paths allowing operations to follow symbolic links to directories they are not supposed to have access to. 
This may allow an attacker to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", 
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21686" }, { "category": "external", "summary": "RHBZ#2020323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020323" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2021-21686", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21686" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21686", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21686" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories" }, { "cve": "CVE-2021-21687", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link 
Following\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020324" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
The FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link, which may allow an attacker to get read and write access to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", 
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21687" }, { "category": "external", "summary": 
"RHBZ#2020324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21687", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21687" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link" }, { "cve": "CVE-2021-21688", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" 
}, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020327" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in Jenkins. The FilePath#reading(FileVisitor) does not reject any operations giving users unrestricted read access with certain operations (creating archives, #copyRecursiveTo). 
This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", 
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21688" }, { "category": "external", "summary": "RHBZ#2020327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020327" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2021-21688", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21688" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21688", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21688" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access" }, { "cve": "CVE-2021-21689", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", 
"flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020335" } ], "notes": [ { "category": "description", "text": "An incorrect access control vulnerability was found in Jenkins. The FilePath#unzip and FilePath#untar were not subjected to any access control. 
An attacker with access to FilePath#unzip or FilePath#untar operations is able to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#unzip and FilePath#untar were not subject to any access control", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", 
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21689" }, { "category": "external", "summary": "RHBZ#2020335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020335" }, 
{ "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21689", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21689" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21689", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21689" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#unzip and FilePath#untar were not subject to any access control" }, { "cve": "CVE-2021-21690", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": 
"2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020336" } ], "notes": [ { "category": "description", "text": "A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. 
This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", 
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21690" }, { "category": "external", "summary": "RHBZ#2020336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020336" }, 
{ "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21690", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21690" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21690", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21690" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path" }, { "cve": "CVE-2021-21691", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": 
"2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020338" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jenkins which failed to correctly validate permissions. This flaw allowed any user to create symbolic links regardless if they had the symlink permission. 
It may allow an attacker to read and write to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Creating symbolic links is possible without the symlink permission", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", 
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21691" }, { "category": "external", "summary": "RHBZ#2020338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020338" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2021-21691", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21691" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21691", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21691" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Creating symbolic links is possible without the symlink permission" }, { "cve": "CVE-2021-21692", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": 
"vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020339" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path which may allow an attacker who has access to these operations to be able to read and write to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", 
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21692" }, { "category": "external", "summary": 
"RHBZ#2020339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020339" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21692", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21692" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21692" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path" }, { "cve": "CVE-2021-21693", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": 
"2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020341" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The permissions to create temporary files are only checked after they have been created. 
This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", 
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21693" }, { "category": "external", "summary": "RHBZ#2020341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020341" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2021-21693", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21693" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created." 
}, { "cve": "CVE-2021-21694", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020342" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
The FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions, which may allow an attacker who has access to any of these operations to be able to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", 
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2021-21694" }, { "category": "external", "summary": "RHBZ#2020342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020342" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21694", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21694" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21694", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21694" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions" }, { "cve": "CVE-2021-21695", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted 
Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020343" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The FilePath#listFiles lists files outside directories with agent read access when following symbolic links. 
This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", 
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21695" }, { "category": "external", "summary": "RHBZ#2020343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020343" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2021-21695", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21695" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links." 
}, { "cve": "CVE-2021-21696", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", 
"8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020344" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. Agent read/write access to the libs/ directory inside build directories is not limited when using the FilePath APIs. 
This allows attackers in control of agent processes to replace the code of a trusted library with a modified variant, resulting in unsandboxed code execution in the Jenkins controller process.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", 
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21696" }, { "category": "external", "summary": 
"RHBZ#2020344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020344" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21696", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21696" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21696", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21696" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin" }, { "cve": "CVE-2021-21697", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory 
(\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020345" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in Jenkins. The directories agents are allowed to access include those in which build-related information is stored, so that agents can record build metadata during build execution. 
As a consequence, an attacker who controls an agent process can read and write the contents of any build directory stored in Jenkins with very few restrictions (build.xml and some Pipeline-related metadata).", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent-to-controller access control allows reading/writing most content of build directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", 
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21697" }, { "category": "external", "summary": 
"RHBZ#2020345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020345" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21697", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21697" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21697", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21697" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent-to-controller access control allows reading/writing most content of build directories" }, { "cve": "CVE-2021-21698", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, 
"discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020385" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent\u0027s ability to learn the name of a file is not restricted when looking up a subversion key file on the controller. 
This allows attackers in control of agent processes to read arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", 
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21698" }, { "category": "external", "summary": "RHBZ#2020385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020385" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21698", 
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21698" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21698", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21698" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key" } ] }
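Two checks a practitioner wants from the records above, written here as an added example (this is not code from Red Hat, the Jenkins project or the GSD feed). `is_jenkins_core_affected()` applies the range stated for CVE-2021-21696 and CVE-2021-21697 ("2.318 and earlier, LTS 2.303.2 and earlier") to a Jenkins core version string, taking care that LTS 2.303.3 is a fixed release even though a plain numeric compare ranks it below 2.318. `installed_status()` reads a CSAF document shaped like the RHSA-2021:4833 record above and reports, per CVE, whether an installed RPM is the fixed build or newer, older than it, listed under `known_not_affected`, or not listed at all. Assumptions: the CSAF fragment embedded in the code is a constructed, abbreviated copy of the product lists above; the older NEVRA `jenkins-0:2.303.2.1600000000-1.el8.noarch` used in the demonstration is made up; the weekly fixed release 2.319 is taken from the linked Jenkins advisory; and the version comparison reproduces rpm's digit/alpha segment ordering without the `~` and `^` rules.

```python
"""Added example: affected-version and CSAF/VEX checks for the Jenkins errata."""
import json
import re

# Constructed, abbreviated CSAF fragment with the same shape as the
# RHSA-2021:4833 record above (one package per list instead of the full set).
CSAF_FRAGMENT = json.dumps({"vulnerabilities": [
    {"cve": "CVE-2021-21696", "product_status": {
        "fixed": ["8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch"],
        "known_not_affected": ["8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch"]}},
    {"cve": "CVE-2021-21698", "product_status": {
        "fixed": ["8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch"],
        "known_not_affected": ["8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch"]}},
]})

# Affected ranges from the CVE text: weekly <= 2.318, LTS <= 2.303.2.
# The fixed releases are weekly 2.319 (per the Jenkins advisory) and
# LTS 2.303.3 (the build shipped in the errata above).
WEEKLY_LAST_AFFECTED = "2.318"
LTS_LAST_AFFECTED = "2.303.2"

def vercmp(a: str, b: str) -> int:
    """rpm-style ordering: digit runs compare numerically, alpha runs
    lexically, a digit run outranks an alpha run, and on a tie the string
    with more segments is newer.  rpm's '~' and '^' rules are left out."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_jenkins_core_affected(version: str) -> bool:
    """True if a Jenkins core version is in the CVE-2021-21696/21697 range.
    Weekly releases have two components (2.318) and LTS releases three
    (2.303.2); the lines are numbered independently, so LTS 2.303.3 is a
    fixed release although 303 < 318.  Classify the line before comparing."""
    parts = version.split(".")
    if len(parts) == 3:
        return vercmp(version, LTS_LAST_AFFECTED) <= 0
    if len(parts) == 2:
        return vercmp(version, WEEKLY_LAST_AFFECTED) <= 0
    raise ValueError(f"unrecognised Jenkins version string: {version!r}")

NEVRA_RE = re.compile(
    r"^(?P<name>.+)-(?P<epoch>\d+):(?P<ver>[^-]+)-(?P<rel>.+)\.(?P<arch>[^.]+)$")

def parse_nevra(s: str) -> dict:
    """Split 'name-epoch:version-release.arch' into fields.  A CSAF product ID
    carries a leading 'branch:' such as '8Base-RHOSE-4.9:', dropped first."""
    nevra = s.split(":", 1)[1] if s.count(":") == 2 else s
    m = NEVRA_RE.match(nevra)
    if not m:
        raise ValueError(f"not a NEVRA: {s!r}")
    return m.groupdict()

def nevra_cmp(a: dict, b: dict) -> int:
    """Order two parsed NEVRAs by epoch, then version, then release."""
    for key in ("epoch", "ver", "rel"):
        r = vercmp(a[key], b[key])
        if r:
            return r
    return 0

def installed_status(csaf_json: str, installed: str) -> dict:
    """Per CVE: 'fixed' if the installed package is the fixed build or newer,
    'vulnerable' if it is older than the fixed build, 'not_affected' if its
    name appears under known_not_affected, otherwise 'not_listed'."""
    mine = parse_nevra(installed)
    verdicts = {}
    for vuln in json.loads(csaf_json)["vulnerabilities"]:
        status = vuln.get("product_status", {})
        verdict = "not_listed"
        for pid in status.get("fixed", []):
            fixed = parse_nevra(pid)
            if (fixed["name"], fixed["arch"]) == (mine["name"], mine["arch"]):
                verdict = "fixed" if nevra_cmp(mine, fixed) >= 0 else "vulnerable"
                break
        else:
            if any(parse_nevra(p)["name"] == mine["name"]
                   for p in status.get("known_not_affected", [])):
                verdict = "not_affected"
        verdicts[vuln["cve"]] = verdict
    return verdicts

if __name__ == "__main__":
    for v in ("2.318", "2.319", "2.303.2", "2.303.3"):
        print(v, "affected" if is_jenkins_core_affected(v) else "not affected")
    # The second NEVRA is a hypothetical older build, made up for the demo.
    for pkg in ("jenkins-0:2.303.3.1637595827-1.el8.noarch",
                "jenkins-0:2.303.2.1600000000-1.el8.noarch"):
        print(pkg, installed_status(CSAF_FRAGMENT, pkg))
```

Against the real CSAF document, feed `installed_status()` the output of `rpm -q --qf '%{NAME}-%{EPOCHNUM}:%{VERSION}-%{RELEASE}.%{ARCH}\n' jenkins` on the host; the name/arch match is deliberate so that a `.src` entry in the fixed list is never mistaken for the installed binary package.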
gsd-2021-21696
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2021-21696", "description": "Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process.", "id": "GSD-2021-21696", "references": [ "https://access.redhat.com/errata/RHSA-2021:4833", "https://access.redhat.com/errata/RHSA-2021:4829", "https://access.redhat.com/errata/RHSA-2021:4827", "https://access.redhat.com/errata/RHSA-2021:4801", "https://access.redhat.com/errata/RHSA-2021:4799", "https://security.archlinux.org/CVE-2021-21696" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2021-21696" ], "details": "Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. 
This results in unsandboxed code execution in the Jenkins controller process.", "id": "GSD-2021-21696", "modified": "2023-12-13T01:23:10.972584Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "jenkinsci-cert@googlegroups.com", "ID": "CVE-2021-21696", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Jenkins", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "unspecified", "version_value": "2.318" } ] } } ] }, "vendor_name": "Jenkins project" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423", "refsource": "MISC", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423" }, { "name": "http://www.openwall.com/lists/oss-security/2021/11/04/3", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "(,2.318]", "affected_versions": "All versions up to 2.318", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-693", "CWE-937" ], "date": "2021-11-08", "description": "Jenkins does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. 
This results in unsandboxed code execution in the Jenkins controller process.", "fixed_versions": [], "identifier": "CVE-2021-21696", "identifiers": [ "CVE-2021-21696" ], "not_impacted": "", "package_slug": "maven/org.jenkins-ci.main/jenkins-core", "pubdate": "2021-11-04", "solution": "Unfortunately, there is no solution available yet.", "title": "Protection Mechanism Failure", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-21696", "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423", "http://www.openwall.com/lists/oss-security/2021/11/04/3" ], "uuid": "d96aec1c-1e03-4fe6-8789-08c4852c5968" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndIncluding": "2.303.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "2.318", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "jenkinsci-cert@googlegroups.com", "ID": "CVE-2021-21696" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423", "refsource": "CONFIRM", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423" }, { "name": "[oss-security] 20211104 Multiple vulnerabilities in Jenkins and Jenkins plugins", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } }, "lastModifiedDate": "2023-11-22T21:22Z", "publishedDate": "2021-11-04T17:15Z" } } }
ghsa-c5r9-rx53-q3gf
Vulnerability from github
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs. This directory is used by the Pipeline: Shared Groovy Libraries Plugin to store copies of shared libraries.
This allows attackers in control of agent processes to replace the code of a trusted library with a modified variant, resulting in unsandboxed code execution in the Jenkins controller process.
Jenkins 2.319, LTS 2.303.3 prohibits agent read/write access to the libs/ directory inside build directories.
If you are unable to immediately upgrade to Jenkins 2.319, LTS 2.303.3, you can install the Remoting Security Workaround Plugin. It will prevent all agent-to-controller file access using FilePath APIs. Because it is more restrictive than Jenkins 2.319, LTS 2.303.3, more plugins are incompatible with it. Make sure to read the plugin documentation before installing it.
It is not easily possible to customize the file access rules to prohibit access to the libs/ directory specifically, as built-in rules (granting access to <BUILDDIR> contents) would take precedence over a custom rule prohibiting access.
{ "affected": [ { "database_specific": { "last_known_affected_version_range": "\u003c= 2.303.2" }, "package": { "ecosystem": "Maven", "name": "org.jenkins-ci.main:jenkins-core" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.303.3" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 2.318" }, "package": { "ecosystem": "Maven", "name": "org.jenkins-ci.main:jenkins-core" }, "ranges": [ { "events": [ { "introduced": "2.304" }, { "fixed": "2.319" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2021-21696" ], "database_specific": { "cwe_ids": [ "CWE-693" ], "github_reviewed": true, "github_reviewed_at": "2022-06-23T06:47:00Z", "nvd_published_at": "2021-11-04T17:15:00Z", "severity": "HIGH" }, "details": "Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the `libs/` directory inside build directories when using the `FilePath` APIs. This directory is used by the Pipeline: Shared Groovy Libraries Plugin to store copies of shared libraries.\n\nThis allows attackers in control of agent processes to replace the code of a trusted library with a modified variant, resulting in unsandboxed code execution in the Jenkins controller process.\n\nJenkins 2.319, LTS 2.303.3 prohibits agent read/write access to the `libs/` directory inside build directories.\n\nIf you are unable to immediately upgrade to Jenkins 2.319, LTS 2.303.3, you can install the [Remoting Security Workaround Plugin](https://www.jenkins.io/redirect/remoting-security-workaround/). It will prevent all agent-to-controller file access using FilePath APIs. Because it is more restrictive than Jenkins 2.319, LTS 2.303.3, more plugins are incompatible with it. 
Make sure to read the plugin documentation before installing it.\n\nIt is not easily possible to [customize the file access rules](https://www.jenkins.io/doc/book/security/controller-isolation/agent-to-controller/#file-access-rules) to prohibit access to the `libs/` directory specifically, as built-in rules (granting access to `\u003cBUILDDIR\u003e` contents) would take precedence over a custom rule prohibiting access.", "id": "GHSA-c5r9-rx53-q3gf", "modified": "2022-12-16T20:43:58Z", "published": "2022-05-24T19:19:43Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21696" }, { "type": "WEB", "url": "https://github.com/jenkinsci/jenkins/commit/93451e20c20cfd84badeb0f37c38d4c0c7a5dad3" }, { "type": "PACKAGE", "url": "https://github.com/jenkinsci/jenkins" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ], "summary": "Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin" }
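The GHSA record above publishes the affected versions as two OSV ECOSYSTEM ranges rather than a single "less than or equal" bound, because Jenkins ships a weekly line (2.N) and an LTS line (2.N.M) that were fixed in different releases. The following is an added example, not code from the advisory or the Jenkins project, that evaluates those ranges against a version string using the general OSV event semantics (introduced / fixed / last_affected), so it also handles records with more than two events. The affected data is copied from the GHSA block; the component-wise integer ordering of Jenkins versions, the hypothetical helper names and the constructed sample HTTP headers are assumptions of this example.

```python
"""Check whether a Jenkins core version falls inside the OSV 'affected'
ranges published for CVE-2021-21696 (GHSA-c5r9-rx53-q3gf).

Added example; not code from the advisory or the Jenkins project. The
affected ranges below are copied from the GHSA record; the ordering rule
(weekly releases are 2.N, LTS releases are 2.N.M, compared component-wise
as integers) and the sample HTTP headers are assumptions for this example.
"""
from __future__ import annotations

import re

# Copied from the GHSA-c5r9-rx53-q3gf "affected" block.
GHSA_AFFECTED = [
    {
        "package": {"ecosystem": "Maven", "name": "org.jenkins-ci.main:jenkins-core"},
        "ranges": [{"type": "ECOSYSTEM",
                    "events": [{"introduced": "0"}, {"fixed": "2.303.3"}]}],
    },
    {
        "package": {"ecosystem": "Maven", "name": "org.jenkins-ci.main:jenkins-core"},
        "ranges": [{"type": "ECOSYSTEM",
                    "events": [{"introduced": "2.304"}, {"fixed": "2.319"}]}],
    },
]

_VERSION_RE = re.compile(r"^\d+(\.\d+)*$")


def parse_version(version: str) -> tuple[int, ...]:
    """'2.303.2' -> (2, 303, 2). Tuples compare component-wise, so
    (2, 303, 2) < (2, 303, 3) < (2, 304) < (2, 318) < (2, 319)."""
    if not _VERSION_RE.match(version):
        raise ValueError(f"unrecognised Jenkins version: {version!r}")
    return tuple(int(part) for part in version.split("."))


def version_in_range(version: str, events: list[dict]) -> bool:
    """Walk an OSV event list in its published (ascending) order.
    'introduced' switches the state to affected; 'fixed' (exclusive) or
    'last_affected' (inclusive) switches it back. The state after the last
    event whose boundary the version has passed is the answer."""
    v = parse_version(version)
    affected = False
    for event in events:
        if "introduced" in event and v >= parse_version(event["introduced"]):
            affected = True
        elif "fixed" in event and v >= parse_version(event["fixed"]):
            affected = False
        elif "last_affected" in event and v > parse_version(event["last_affected"]):
            affected = False
    return affected


def is_affected(version: str, affected: list[dict] = GHSA_AFFECTED,
                package: str = "org.jenkins-ci.main:jenkins-core") -> bool:
    """True if any ECOSYSTEM range for the package covers this version."""
    for entry in affected:
        if entry["package"]["name"] != package:
            continue
        for rng in entry["ranges"]:
            if rng["type"] == "ECOSYSTEM" and version_in_range(version, rng["events"]):
                return True
    return False


def version_from_headers(headers: dict[str, str]) -> str | None:
    """A Jenkins controller reports its version in the X-Jenkins response
    header; header names are matched case-insensitively here."""
    for name, value in headers.items():
        if name.lower() == "x-jenkins":
            return value.strip()
    return None


if __name__ == "__main__":
    # Constructed sample headers, shaped like a controller's HTTP response.
    sample_headers = {"Server": "Jetty(9.4.z)", "X-Jenkins": "2.303.2"}
    seen = version_from_headers(sample_headers)
    print(seen, "affected" if is_affected(seen) else "not affected")
    for v in ["2.303.2", "2.303.3", "2.303", "2.304", "2.318", "2.319"]:
        print(v, is_affected(v))
```

Two caveats when using a check like this in practice: a reverse proxy in front of the controller may strip the X-Jenkins header, so absence of the header is not evidence of a patched instance; and the version gate says nothing about whether an attacker-controlled agent already replaced a library copy under libs/ before the upgrade, which only an integrity comparison of those copies against their SCM source can answer.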