cve-2021-21698
Vulnerability from cvelistv5
Published
2021-11-04 16:30
Modified
2024-08-03 18:23
Summary
Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.
References
| Source | URL | Tags |
|---|---|---|
| jenkinsci-cert@googlegroups.com | http://www.openwall.com/lists/oss-security/2021/11/04/3 | Mailing List, Third Party Advisory |
| jenkinsci-cert@googlegroups.com | https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506 | Vendor Advisory |
Impacted products
| Vendor | Product |
|---|---|
| Jenkins project | Jenkins Subversion Plugin |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:23:27.475Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506" }, { "name": "[oss-security] 20211104 Multiple vulnerabilities in Jenkins and Jenkins plugins", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Jenkins Subversion Plugin", "vendor": "Jenkins project", "versions": [ { "lessThanOrEqual": "2.15.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent." } ], "providerMetadata": { "dateUpdated": "2023-10-24T15:52:11.395Z", "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506" }, { "name": "[oss-security] 20211104 Multiple vulnerabilities in Jenkins and Jenkins plugins", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "jenkinsci-cert@googlegroups.com", "ID": "CVE-2021-21698", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Jenkins Subversion Plugin", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "2.15.0" } ] } } ] }, "vendor_name": "Jenkins project" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { 
"lang": "eng", "value": "Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506", "refsource": "CONFIRM", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506" }, { "name": "[oss-security] 20211104 Multiple vulnerabilities in Jenkins and Jenkins plugins", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3" } ] } } } }, "cveMetadata": { "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "assignerShortName": "jenkins", "cveId": "CVE-2021-21698", "datePublished": "2021-11-04T16:30:44", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-08-03T18:23:27.475Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-21698\",\"sourceIdentifier\":\"jenkinsci-cert@googlegroups.com\",\"published\":\"2021-11-04T17:15:08.987\",\"lastModified\":\"2023-11-22T21:22:06.187\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.\"},{\"lang\":\"es\",\"value\":\"Jenkins Subversion Plugin versiones 2.15.0 y anteriores, no restringe el nombre de un archivo cuando es buscado un archivo de claves de subversi\u00f3n en el controlador desde un 
agente\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:subversion:*:*:*:*:*:jenkins:*:*\",\"versionEndIncluding\":\"2.15.0\",\"matchCriteriaId\":\"BD30EA34-4B27-47C9-9D44-D85DBCE41C60\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2021/11/04/3\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
rhsa-2021_4799
Vulnerability from csaf_redhat
Published
2021-12-02 18:37
Modified
2024-11-06 00:12
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.6.51 packages and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.6.51 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.51. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:4800
Security Fix(es):
* jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key (CVE-2021-21698)
* jenkins: FilePath#mkdirs does not check permission to create parent directories (CVE-2021-21685)
* jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories (CVE-2021-21686)
* jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link (CVE-2021-21687)
* jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access (CVE-2021-21688)
* jenkins: FilePath#unzip and FilePath#untar were not subject to any access control (CVE-2021-21689)
* jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path (CVE-2021-21690)
* jenkins: Creating symbolic links is possible without the symlink permission (CVE-2021-21691)
* jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path (CVE-2021-21692)
* jenkins: When creating temporary files, permission to create files is only checked after they’ve been created. (CVE-2021-21693)
* jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions (CVE-2021-21694)
* jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links. (CVE-2021-21695)
* jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin (CVE-2021-21696)
* jenkins: Agent-to-controller access control allows reading/writing most content of build directories (CVE-2021-21697)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.6.51 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.51. 
See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2021:4800\n\nSecurity Fix(es):\n\n* jenkins-2-plugins/subversion: does not restrict the name of a file when\nlooking up a subversion key (CVE-2021-21698)\n* jenkins: FilePath#mkdirs does not check permission to create parent\ndirectories (CVE-2021-21685)\n* jenkins: File path filters do not canonicalize paths, allowing operations\nto follow symbolic links to outside allowed directories (CVE-2021-21686)\n* jenkins: FilePath#untar does not check permission to create symbolic\nlinks when unarchiving a symbolic link (CVE-2021-21687)\n* jenkins: FilePath#reading(FileVisitor) does not reject any operations\nallowing users to have unrestricted read access (CVE-2021-21688)\n* jenkins: FilePath#unzip and FilePath#untar were not subject to any access\ncontrol (CVE-2021-21689)\n* jenkins: Agent processes are able to completely bypass file path\nfiltering by wrapping the file operation in an agent file path\n(CVE-2021-21690)\n* jenkins: Creating symbolic links is possible without the symlink\npermission (CVE-2021-21691)\n* jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo\nonly check read permission on the source path (CVE-2021-21692)\n* jenkins: When creating temporary files, permission to create files is\nonly checked after they\u2019ve been created. (CVE-2021-21693)\n* jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize,\nFilePath#isDescendant, and FilePath#get*DiskSpace do not check any\npermissions (CVE-2021-21694)\n* jenkins: FilePath#listFiles lists files outside directories with agent\nread access when following symbolic links. 
(CVE-2021-21695)\n* jenkins: Agent-to-controller access control allowed writing to sensitive\ndirectory used by Pipeline: Shared Groovy Libraries Plugin (CVE-2021-21696)\n* jenkins: Agent-to-controller access control allows reading/writing most\ncontent of build directories (CVE-2021-21697)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:4799", "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2020322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020322" }, { "category": "external", "summary": "2020323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020323" }, { "category": "external", "summary": "2020324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020324" }, { "category": "external", "summary": "2020327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020327" }, { "category": "external", "summary": "2020335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020335" }, { "category": "external", "summary": "2020336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020336" }, { "category": "external", "summary": "2020338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020338" }, { "category": "external", "summary": "2020339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020339" }, { "category": "external", "summary": "2020341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020341" }, { "category": "external", "summary": "2020342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020342" }, { "category": "external", "summary": "2020343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020343" }, { "category": "external", 
"summary": "2020344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020344" }, { "category": "external", "summary": "2020345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020345" }, { "category": "external", "summary": "2020385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020385" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4799.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.6.51 packages and security update", "tracking": { "current_release_date": "2024-11-06T00:12:06+00:00", "generator": { "date": "2024-11-06T00:12:06+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:4799", "initial_release_date": "2021-12-02T18:37:55+00:00", "revision_history": [ { "date": "2021-12-02T18:37:55+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-12-02T18:37:55+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T00:12:06+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.6", "product": { "name": "Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.6::el7" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.6", "product": { "name": "Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.6::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "product": { "name": 
"openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "product_id": "openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.6.0-202111100230.p0.git.6063298.assembly.stream.el7?arch=src" } } }, { "category": "product_version", "name": "jenkins-0:2.303.3.1637597493-1.el8.src", "product": { "name": "jenkins-0:2.303.3.1637597493-1.el8.src", "product_id": "jenkins-0:2.303.3.1637597493-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.303.3.1637597493-1.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "product": { "name": "openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "product_id": "openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.6.0-202111100230.p0.git.6063298.assembly.stream.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "product": { "name": "openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "product_id": "openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr@4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "product_id": "jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.6.1637602169-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": 
"openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "product": { "name": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "product_id": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.6.0-202111100230.p0.git.6063298.assembly.stream.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "product": { "name": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "product_id": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.6.0-202111100230.p0.git.6063298.assembly.stream.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.303.3.1637597493-1.el8.noarch", "product": { "name": "jenkins-0:2.303.3.1637597493-1.el8.noarch", "product_id": "jenkins-0:2.303.3.1637597493-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.303.3.1637597493-1.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "product": { "name": "openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "product_id": "openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-cni@4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "product": { "name": 
"openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "product_id": "openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-common@4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "product": { "name": "openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "product_id": "openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-controller@4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "product": { "name": "python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "product_id": "python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-kuryr-kubernetes@4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.6.1637602169-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "product": { "name": 
"openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "product_id": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.6.0-202111100230.p0.git.6063298.assembly.stream.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "product": { "name": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "product_id": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.6.0-202111100230.p0.git.6063298.assembly.stream.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src" }, "product_reference": "openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64" }, "product_reference": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.6" }, { "category": 
"default_component_of", "full_product_name": { "name": "jenkins-0:2.303.3.1637597493-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch" }, "product_reference": "jenkins-0:2.303.3.1637597493-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.303.3.1637597493-1.el8.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" }, "product_reference": "jenkins-0:2.303.3.1637597493-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.6.1637602169-1.el8.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src" }, "product_reference": "openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { 
"name": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le" }, "product_reference": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x" }, "product_reference": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64" }, "product_reference": "openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src" }, "product_reference": "openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": 
"openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" }, "product_reference": "openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" }, "product_reference": "openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" }, "product_reference": "openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" }, "product_reference": "python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-21685", 
"cwe": { "id": "CWE-281", "name": "Improper Preservation of Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020322" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
The FilePath#mkdirs does not check permission to create parent directories, which may allow an attacker who controls the agent process to get read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#mkdirs does not check permission to create parent directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21685" }, { "category": "external", "summary": "RHBZ#2020322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020322" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21685", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21685" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21685", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21685" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": 
"impact", "details": "Important" } ], "title": "jenkins: FilePath#mkdirs does not check permission to create parent directories" }, { "cve": "CVE-2021-21686", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020323" } ], "notes": [ { "category": "description", "text": "A link following vulnerability was found in Jenkins. The file path filters do not canonicalize paths allowing operations to follow symbolic links to directories they are not supposed to have access to. 
This may allow an attacker to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21686" }, { "category": "external", "summary": "RHBZ#2020323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020323" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21686", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21686" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21686", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21686" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": 
"impact", "details": "Important" } ], "title": "jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories" }, { "cve": "CVE-2021-21687", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020324" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
The FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link, which may allow an attacker to get read and write access to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21687" }, { "category": "external", "summary": "RHBZ#2020324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21687", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21687" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": 
"impact", "details": "Important" } ], "title": "jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link" }, { "cve": "CVE-2021-21688", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020327" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in Jenkins. 
The FilePath#reading(FileVisitor) does not reject any operations giving users unrestricted read access with certain operations (creating archives, #copyRecursiveTo). This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21688" }, { "category": "external", "summary": "RHBZ#2020327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21688", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21688" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21688", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21688" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": "impact", 
"details": "Important" } ], "title": "jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access" }, { "cve": "CVE-2021-21689", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020335" } ], "notes": [ { "category": "description", "text": "An incorrect access control vulnerability was found in Jenkins. The FilePath#unzip and FilePath#untar were not subjected to any access control. 
An attacker with access to FilePath#unzip or FilePath#untar operations is able to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#unzip and FilePath#untar were not subject to any access control", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21689" }, { "category": "external", "summary": "RHBZ#2020335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020335" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21689", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21689" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21689", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21689" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": 
"impact", "details": "Important" } ], "title": "jenkins: FilePath#unzip and FilePath#untar were not subject to any access control" }, { "cve": "CVE-2021-21690", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020336" } ], "notes": [ { "category": "description", "text": "A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. 
This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21690" }, { "category": "external", "summary": "RHBZ#2020336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020336" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21690", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21690" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21690", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21690" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": 
"impact", "details": "Important" } ], "title": "jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path" }, { "cve": "CVE-2021-21691", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020338" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jenkins which failed to correctly validate permissions. This flaw allowed any user to create symbolic links regardless if they had the symlink permission. 
It may allow an attacker to read and write to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Creating symbolic links is possible without the symlink permission", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, 
"references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21691" }, { "category": "external", "summary": "RHBZ#2020338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020338" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21691", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21691" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21691", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21691" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": 
"impact", "details": "Important" } ], "title": "jenkins: Creating symbolic links is possible without the symlink permission" }, { "cve": "CVE-2021-21692", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020339" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path which may allow an attacker who has access to these operations to be able to read and write to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21692" }, { "category": "external", "summary": "RHBZ#2020339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020339" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21692", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21692" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21692" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": 
"impact", "details": "Important" } ], "title": "jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path" }, { "cve": "CVE-2021-21693", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020341" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The permissions to create temporary files are only checked after they have been created. 
This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, 
"references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21693" }, { "category": "external", "summary": "RHBZ#2020341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21693", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21693" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": 
"impact", "details": "Important" } ], "title": "jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created." }, { "cve": "CVE-2021-21694", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020342" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
The FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions, which may allow an attacker who has access to any of these operations to be able to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21694" }, { "category": "external", "summary": "RHBZ#2020342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020342" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21694", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21694" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21694", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21694" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation 
exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", 
"8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions" }, { "cve": "CVE-2021-21695", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020343" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in 
Jenkins. The FilePath#listFiles lists files outside directories with agent read access when following symbolic links. This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21695" }, { "category": "external", "summary": "RHBZ#2020343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21695", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21695" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": 
"impact", "details": "Important" } ], "title": "jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links." }, { "cve": "CVE-2021-21696", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020344" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with a modified variant, resulting in unsandboxed code execution in the Jenkins controller process.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21696" }, { "category": "external", "summary": "RHBZ#2020344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020344" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21696", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21696" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21696", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21696" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation 
exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", 
"8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin" }, { "cve": "CVE-2021-21697", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020345" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in Jenkins. 
The directories agents are allowed to access include the directories where there are stored build-related information intended to allow agents to store build-related metadata during build execution. As a consequence, this allows an attacker who controls agent process to read and write the contents of any build directory stored in Jenkins with very few restrictions (build.xml and some Pipeline-related metadata).", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent-to-controller access control allows reading/writing most content of build directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", 
"8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21697" }, { "category": "external", "summary": "RHBZ#2020345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020345" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21697", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21697" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21697", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21697" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2021:4799" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent-to-controller access control allows reading/writing most content of build directories" }, { "cve": "CVE-2021-21698", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020385" } ], "notes": [ { "category": 
"description", "text": "An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent\u0027s ability to learn the name of a file is not restricted when looking up a subversion key file on the controller. This may allow attackers to control agent processes and read arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el7.x86_64", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.src", "8Base-RHOSE-4.6:openshift-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.s390x", "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202111100230.p0.git.6063298.assembly.stream.el8.x86_64", "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.src", "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch", "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202111041131.p0.git.7c5a4f7.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21698" }, { "category": "external", "summary": "RHBZ#2020385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020385" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21698", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21698" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21698", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21698" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T18:37:55+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4799" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", 
"availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch", "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key" } ] }
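The CSAF document above is what an operator actually consumes: for each vulnerabilities[] entry, product_status.fixed names the exact builds that carry the fix, remediations[] points at the erratum, and scores[].cvss_v3 and threats[] give the severity. The Python below is an added example written for this page, not tooling from Red Hat or from the page's source. It parses a constructed excerpt in that shape, splits Red Hat's product_id strings into NEVRA fields, and compares an installed build against the fixed one. The NEVRA split and the cut-down rpmvercmp are assumptions about the product_id format and about RPM ordering (no tilde or caret handling); use rpmdev-vercmp or rpm.labelCompare from python3-rpm where exactness matters.

```python
"""Read a Red Hat CSAF 2.0 advisory and decide, per CVE, whether an installed RPM
build is older than the build that carries the fix.

Added example for this page. SAMPLE_CSAF is a constructed excerpt shaped like the
RHSA-2021:4799 document above, not a copy of it; the NEVRA parser and the cut-down
rpmvercmp are assumptions about Red Hat's product_id format and RPM version
ordering (tilde/caret handling is left out)."""
import re
from typing import Dict, List, NamedTuple

SAMPLE_CSAF = {"document": {"csaf_version": "2.0", "tracking": {"id": "RHSA-2021:4799"}},
               "vulnerabilities": [
    {"cve": "CVE-2021-21697",
     "product_status": {"fixed": ["8Base-RHOSE-4.6:jenkins-0:2.303.3.1637597493-1.el8.noarch"]},
     "remediations": [{"category": "vendor_fix", "url": "https://access.redhat.com/errata/RHSA-2021:4799"}],
     "scores": [{"cvss_v3": {"baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}],
     "threats": [{"category": "impact", "details": "Important"}]},
    {"cve": "CVE-2021-21698",
     "cwe": {"id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"},
     "product_status": {"fixed": ["8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch"]},
     "remediations": [{"category": "vendor_fix", "url": "https://access.redhat.com/errata/RHSA-2021:4799"}],
     "scores": [{"cvss_v3": {"baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}}],
     "threats": [{"category": "impact", "details": "Moderate"}]}]}


class Nevra(NamedTuple):
    name: str
    epoch: str
    version: str
    release: str
    arch: str


def parse_nevra(nevra: str) -> Nevra:
    """'jenkins-2-plugins-0:4.6.1637602169-1.el8.noarch' -> Nevra(...).
    Split from the right because the package name itself may contain '-'."""
    body, arch = nevra.rsplit(".", 1)
    name_epoch_ver, release = body.rsplit("-", 1)
    name_epoch, version = name_epoch_ver.rsplit(":", 1)
    name, epoch = name_epoch.rsplit("-", 1)
    return Nevra(name, epoch, version, release, arch)


_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpm_vercmp(a: str, b: str) -> int:
    """Cut-down rpmvercmp(): walk alnum segments left to right; digit runs compare
    numerically, alpha runs lexically, and a digit run sorts above an alpha run."""
    def key(seg: str):
        return (1, int(seg)) if seg.isdigit() else (0, seg)
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if key(x) != key(y):
            return 1 if key(x) > key(y) else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))   # longer string wins a tie


def evr_cmp(a: Nevra, b: Nevra) -> int:
    """Epoch, then version, then release; the first non-equal component decides."""
    return next((c for c in (rpm_vercmp(x, y) for x, y in zip(a[1:4], b[1:4])) if c), 0)


class Finding(NamedTuple):
    cve: str
    cwe: str
    impact: str
    vector: str
    base_score: float
    fixed: List[Nevra]
    errata: List[str]


def summarize(doc: dict) -> Dict[str, Finding]:
    """One Finding per vulnerabilities[] entry; absent optional fields read 'n/a'."""
    out: Dict[str, Finding] = {}
    for v in doc.get("vulnerabilities", []):
        impact = next((t["details"] for t in v.get("threats", []) if t.get("category") == "impact"), "n/a")
        cvss = next((s["cvss_v3"] for s in v.get("scores", []) if "cvss_v3" in s), {})
        # product_ids are '<product>:<nevra>'; the product part has no ':' of its own
        fixed = [parse_nevra(p.partition(":")[2]) for p in v.get("product_status", {}).get("fixed", [])]
        errata = sorted({r["url"] for r in v.get("remediations", []) if r.get("category") == "vendor_fix" and "url" in r})
        out[v["cve"]] = Finding(v["cve"], v.get("cwe", {}).get("id", "n/a"), impact,
                                cvss.get("vectorString", "n/a"), float(cvss.get("baseScore", 0.0)), fixed, errata)
    return out


def needs_update(doc: dict, installed_nevra: str) -> List[str]:
    """CVEs whose fixed build for this package (same name and arch) is newer than
    the installed one; an empty list means the advisory asks nothing of it."""
    have = parse_nevra(installed_nevra)
    return sorted(cve for cve, f in summarize(doc).items()
                  if any((fx.name, fx.arch) == (have.name, have.arch) and evr_cmp(have, fx) < 0
                         for fx in f.fixed))
```

needs_update() expects the installed package in the same name-epoch:version-release.arch form that rpm -q --qf '%{NAME}-%{EPOCH}:%{VERSION}-%{RELEASE}.%{ARCH}' prints (substitute 0 when rpm prints (none) for the epoch). Builds whose name and arch never appear in product_status.fixed yield an empty list, which is the same "known_not_affected" answer the document gives for the openshift and kuryr packages above.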
rhsa-2021_4829
Vulnerability from csaf_redhat
Published
2021-11-30 09:11
Modified
2024-11-06 00:12
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.8.22 security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.8.22 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.22. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:4830
All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at
https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor
Security Fix(es):
* jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key (CVE-2021-21698)
* jenkins: FilePath#mkdirs does not check permission to create parent directories (CVE-2021-21685)
* jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories (CVE-2021-21686)
* jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link (CVE-2021-21687)
* jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access (CVE-2021-21688)
* coreos-installer: restrict access permissions on /boot/ignition{,/config.ign} (CVE-2021-3917)
* jenkins: FilePath#unzip and FilePath#untar were not subject to any access control (CVE-2021-21689)
* jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path (CVE-2021-21690)
* jenkins: Creating symbolic links is possible without the symlink permission (CVE-2021-21691)
* jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path (CVE-2021-21692)
* jenkins: When creating temporary files, permission to create files is only checked after they’ve been created. (CVE-2021-21693)
* jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions (CVE-2021-21694)
* jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links. (CVE-2021-21695)
* jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin (CVE-2021-21696)
* jenkins: Agent-to-controller access control allows reading/writing most content of build directories (CVE-2021-21697)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
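Most of the Jenkins items in that list are one bug class seen from different angles: a controller-side check on an agent-supplied path that examines the string rather than what the string resolves to (CVE-2021-21686, where the path filters did not canonicalize and so followed symbolic links out of the allowed directories), or that never constrains the name at all (CVE-2021-21698, the Subversion key file lookup). The Python below is an added illustration for this page, not Jenkins code and not the fix the Jenkins project shipped: it puts a lexical prefix check beside a lookup that refuses path separators and decides on the resolved path, and runs both against a constructed directory layout in a temporary location.

```python
"""An agent-supplied file name checked two ways: the lexical prefix check that the
advisory's bug class defeats, and a hardened lookup that refuses separators and
compares the resolved path.

Added illustration for this page, not Jenkins code. The directory layout is
constructed in a temporary directory and stands in for a controller-side key
directory."""
import os
import tempfile
from pathlib import Path
from typing import Dict, Optional, Tuple


def naive_lookup(base: Path, name: str) -> Optional[Path]:
    """Vulnerable: abspath() folds '..' away so the prefix test looks right, but
    (1) a symlink planted inside base is followed when the file is opened, and
    (2) any sibling directory whose name merely starts with str(base) passes too."""
    target = Path(os.path.abspath(base / name))
    if not str(target).startswith(str(base)):
        return None
    return target if target.exists() else None    # exists() follows symlinks


def hardened_lookup(base: Path, name: str) -> Optional[Path]:
    """Safe: the caller may choose a bare file name only, and the decision is made
    on the resolved path (symlinks followed) relative to the resolved base."""
    if name in ("", ".", "..") or "/" in name or "\\" in name:
        return None
    base_real = base.resolve(strict=True)
    try:
        target_real = (base_real / name).resolve(strict=True)
    except FileNotFoundError:
        return None
    if os.path.commonpath([str(base_real), str(target_real)]) != str(base_real):
        return None                                # resolves outside the key dir
    return target_real


def build_fixture() -> Tuple[Path, Path]:
    """Constructed layout (temp dir, not real Jenkins paths):
      <root>/keys/id_rsa                          the one legitimate key file
      <root>/keys/escape -> <root>/outside/secret  symlink an agent planted
      <root>/keys-other/secret                    sibling dir sharing the 'keys' prefix
    Returns (keys_dir, outside_secret)."""
    root = Path(tempfile.mkdtemp(prefix="keylookup-"))
    keys, outside, sibling = root / "keys", root / "outside", root / "keys-other"
    for d in (keys, outside, sibling):
        d.mkdir()
    (keys / "id_rsa").write_text("-----BEGIN OPENSSH PRIVATE KEY-----\n")
    secret = outside / "secret"
    secret.write_text("controller-only secret\n")
    (sibling / "secret").write_text("sibling secret\n")
    os.symlink(secret, keys / "escape")
    return keys, secret


CASES = ["id_rsa", "escape", "../keys-other/secret", "../outside/secret"]


def run_cases(keys: Path) -> Dict[str, Tuple[bool, bool]]:
    """name -> (naive allowed?, hardened allowed?) for each probe in CASES."""
    return {n: (naive_lookup(keys, n) is not None, hardened_lookup(keys, n) is not None)
            for n in CASES}


if __name__ == "__main__":
    keys_dir, _ = build_fixture()
    for probe, (naive_ok, hard_ok) in run_cases(keys_dir).items():
        print(f"{probe:24s} naive={naive_ok!s:5s} hardened={hard_ok}")
```

Run as a script it prints one row per probe. The naive check blocks the obvious ../outside/secret escape, which is exactly what makes it look safe in a quick test, but it returns a readable handle for both the planted symlink and the sibling directory whose name only starts with the allowed prefix; the hardened lookup admits nothing but the bare name of a file that really lives in the key directory.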
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.8.22 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.22. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2021:4830\n\nAll OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. 
Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nSecurity Fix(es):\n\n* jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key (CVE-2021-21698)\n* jenkins: FilePath#mkdirs does not check permission to create parent directories (CVE-2021-21685)\n* jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories (CVE-2021-21686)\n* jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link (CVE-2021-21687)\n* jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access (CVE-2021-21688)\n* coreos-installer: restrict access permissions on /boot/ignition{,/config.ign} (CVE-2021-3917)\n* jenkins: FilePath#unzip and FilePath#untar were not subject to any access control (CVE-2021-21689)\n* jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path (CVE-2021-21690)\n* jenkins: Creating symbolic links is possible without the symlink permission (CVE-2021-21691)\n* jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path (CVE-2021-21692)\n* jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created. (CVE-2021-21693)\n* jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions (CVE-2021-21694)\n* jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links. 
(CVE-2021-21695)\n* jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin (CVE-2021-21696)\n* jenkins: Agent-to-controller access control allows reading/writing most content of build directories (CVE-2021-21697)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:4829", "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2018478", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018478" }, { "category": "external", "summary": "2020322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020322" }, { "category": "external", "summary": "2020323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020323" }, { "category": "external", "summary": "2020324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020324" }, { "category": 
"external", "summary": "2020327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020327" }, { "category": "external", "summary": "2020335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020335" }, { "category": "external", "summary": "2020336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020336" }, { "category": "external", "summary": "2020338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020338" }, { "category": "external", "summary": "2020339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020339" }, { "category": "external", "summary": "2020341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020341" }, { "category": "external", "summary": "2020342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020342" }, { "category": "external", "summary": "2020343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020343" }, { "category": "external", "summary": "2020344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020344" }, { "category": "external", "summary": "2020345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020345" }, { "category": "external", "summary": "2020385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020385" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4829.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.8.22 security update", "tracking": { "current_release_date": "2024-11-06T00:12:09+00:00", "generator": { "date": "2024-11-06T00:12:09+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:4829", "initial_release_date": "2021-11-30T09:11:27+00:00", "revision_history": [ { "date": "2021-11-30T09:11:27+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-11-30T09:11:27+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T00:12:09+00:00", "number": "3", "summary": "Last generated 
version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.8", "product": { "name": "Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.8::el8" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.8", "product": { "name": "Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.8::el7" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "product": { "name": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "product_id": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer@0.9.0-8.rhaos4.8.el8?arch=src" } } }, { "category": "product_version", "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "product": { "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "product_id": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.21.4-3.rhaos4.8.git84fa55d.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-0:2.303.3.1637596565-1.el8.src", "product": { "name": "jenkins-0:2.303.3.1637596565-1.el8.src", "product_id": "jenkins-0:2.303.3.1637596565-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.303.3.1637596565-1.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "product_id": "jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/jenkins-2-plugins@4.8.1637599935-1.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "product": { "name": "openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "product_id": "openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.8.0-202111221934.p0.g81bc627.assembly.stream.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "product": { "name": "openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "product_id": "openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr@4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8?arch=src" } } }, { "category": "product_version", "name": "python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "product": { "name": "python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "product_id": "python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/python-sushy@3.7.4-0.20211119091058.2cc60dc.el8?arch=src" } } }, { "category": "product_version", "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "product": { "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "product_id": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.21.4-3.rhaos4.8.git84fa55d.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "product": { "name": "openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "product_id": "openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/openshift@4.8.0-202111221934.p0.g81bc627.assembly.stream.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "product": { "name": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "product_id": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer@0.9.0-8.rhaos4.8.el8?arch=x86_64" } } }, { "category": "product_version", "name": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "product": { "name": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "product_id": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer-debugsource@0.9.0-8.rhaos4.8.el8?arch=x86_64" } } }, { "category": "product_version", "name": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "product": { "name": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "product_id": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer-bootinfra-debuginfo@0.9.0-8.rhaos4.8.el8?arch=x86_64" } } }, { "category": "product_version", "name": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "product": { "name": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "product_id": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer-debuginfo@0.9.0-8.rhaos4.8.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "product": { "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "product_id": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/cri-o@1.21.4-3.rhaos4.8.git84fa55d.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "product": { "name": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "product_id": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.21.4-3.rhaos4.8.git84fa55d.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "product": { "name": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "product_id": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.21.4-3.rhaos4.8.git84fa55d.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "product": { "name": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "product_id": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.8.0-202111221934.p0.g81bc627.assembly.stream.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "product": { "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "product_id": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.21.4-3.rhaos4.8.git84fa55d.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "product": { "name": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "product_id": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/cri-o-debuginfo@1.21.4-3.rhaos4.8.git84fa55d.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "product": { "name": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "product_id": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.8.0-202111221934.p0.g81bc627.assembly.stream.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product": { "name": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product_id": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer@0.9.0-8.rhaos4.8.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product": { "name": "coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product_id": "coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer-bootinfra@0.9.0-8.rhaos4.8.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product": { "name": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product_id": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer-debugsource@0.9.0-8.rhaos4.8.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product": { "name": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product_id": 
"coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer-bootinfra-debuginfo@0.9.0-8.rhaos4.8.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product": { "name": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product_id": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer-debuginfo@0.9.0-8.rhaos4.8.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "product": { "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "product_id": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.21.4-3.rhaos4.8.git84fa55d.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "product": { "name": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "product_id": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.21.4-3.rhaos4.8.git84fa55d.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "product": { "name": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "product_id": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.21.4-3.rhaos4.8.git84fa55d.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "product": { "name": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "product_id": 
"openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.8.0-202111221934.p0.g81bc627.assembly.stream.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "product": { "name": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "product_id": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer@0.9.0-8.rhaos4.8.el8?arch=s390x" } } }, { "category": "product_version", "name": "coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "product": { "name": "coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "product_id": "coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer-bootinfra@0.9.0-8.rhaos4.8.el8?arch=s390x" } } }, { "category": "product_version", "name": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "product": { "name": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "product_id": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer-debugsource@0.9.0-8.rhaos4.8.el8?arch=s390x" } } }, { "category": "product_version", "name": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "product": { "name": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "product_id": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer-bootinfra-debuginfo@0.9.0-8.rhaos4.8.el8?arch=s390x" } } }, { "category": "product_version", "name": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "product": { "name": 
"coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "product_id": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/coreos-installer-debuginfo@0.9.0-8.rhaos4.8.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "product": { "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "product_id": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.21.4-3.rhaos4.8.git84fa55d.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "product": { "name": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "product_id": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.21.4-3.rhaos4.8.git84fa55d.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "product": { "name": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "product_id": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.21.4-3.rhaos4.8.git84fa55d.el8?arch=s390x" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "product": { "name": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "product_id": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.8.0-202111221934.p0.g81bc627.assembly.stream.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.303.3.1637596565-1.el8.noarch", 
"product": { "name": "jenkins-0:2.303.3.1637596565-1.el8.noarch", "product_id": "jenkins-0:2.303.3.1637596565-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.303.3.1637596565-1.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.8.1637599935-1.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "product": { "name": "openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "product_id": "openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-cni@4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "product": { "name": "openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "product_id": "openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-common@4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "product": { "name": "openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "product_id": "openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/openshift-kuryr-controller@4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "product": { "name": "python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "product_id": "python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-kuryr-kubernetes@4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "product": { "name": "python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "product_id": "python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-sushy@3.7.4-0.20211119091058.2cc60dc.el8?arch=noarch" } } }, { "category": "product_version", "name": "python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "product": { "name": "python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "product_id": "python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-sushy-tests@3.7.4-0.20211119091058.2cc60dc.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src" }, "product_reference": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": 
"cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64" }, "product_reference": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src" }, "product_reference": "openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64" }, "product_reference": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le" }, "product_reference": 
"coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x" }, "product_reference": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src" }, "product_reference": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64" }, "product_reference": "coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le" }, "product_reference": "coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x" }, "product_reference": 
"coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le" }, "product_reference": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x" }, "product_reference": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64" }, "product_reference": "coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le" }, "product_reference": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x as a 
component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x" }, "product_reference": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64" }, "product_reference": "coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le" }, "product_reference": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x" }, "product_reference": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64" }, "product_reference": "coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", 
"full_product_name": { "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le" }, "product_reference": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x" }, "product_reference": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src" }, "product_reference": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64" }, "product_reference": "cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le" }, "product_reference": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": 
"cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x" }, "product_reference": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le" }, "product_reference": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x" }, "product_reference": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64" }, "product_reference": "cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", 
"relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.303.3.1637596565-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch" }, "product_reference": "jenkins-0:2.303.3.1637596565-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.303.3.1637596565-1.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" }, "product_reference": "jenkins-0:2.303.3.1637596565-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.8.1637599935-1.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src" }, "product_reference": "openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { 
"category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le" }, "product_reference": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x" }, "product_reference": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64" }, "product_reference": "openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src" }, "product_reference": "openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": 
"openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch" }, "product_reference": "openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch" }, "product_reference": "openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch" }, "product_reference": "openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src" }, "product_reference": "python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch as a component of Red Hat 
OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch" }, "product_reference": "python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" }, "product_reference": "python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" }, "product_reference": "python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.8" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-3917", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-10-29T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", 
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2018478" } ], "notes": [ { "category": "description", "text": "A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. 
The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "coreos-installer: restrict access permissions on /boot/ignition{,/config.ign}", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", 
"8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", 
"8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3917" }, { "category": "external", "summary": "RHBZ#2018478", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018478" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3917", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3917" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3917", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3917" }, { "category": "external", "summary": "https://github.com/coreos/coreos-installer/commit/2a36405339c87b16ed6c76e91ad5b76638fbdb0c", "url": "https://github.com/coreos/coreos-installer/commit/2a36405339c87b16ed6c76e91ad5b76638fbdb0c" } ], "release_date": "2021-07-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2021:4829" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "coreos-installer: restrict access permissions on /boot/ignition{,/config.ign}" }, { "cve": "CVE-2021-21685", "cwe": { "id": "CWE-281", "name": "Improper Preservation of Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", 
"8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020322" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The FilePath#mkdirs does not check permission to create parent directories, which may allow an attacker who controls the agent process to get read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#mkdirs does not check permission to create parent directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", 
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", 
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21685" }, { "category": "external", "summary": "RHBZ#2020322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020322" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21685", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21685" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21685", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21685" }, { "category": "external", "summary": 
"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", 
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", 
"privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#mkdirs does not check permission to create parent directories" }, { "cve": "CVE-2021-21686", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020323" } ], "notes": [ { "category": "description", "text": "A link following vulnerability was found in Jenkins. The file path filters do not canonicalize paths allowing operations to follow symbolic links to directories they are not supposed to have access to. This may allow an attacker to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", 
"8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", 
"8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21686" }, { "category": "external", "summary": "RHBZ#2020323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020323" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21686", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21686" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21686", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21686" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", 
"8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories" }, { "cve": "CVE-2021-21687", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", 
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", 
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020324" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
The FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link, which may allow an attacker to get read and write access to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", 
"8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21687" }, { "category": "external", "summary": "RHBZ#2020324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21687", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21687" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", 
"8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", 
"8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link" }, { "cve": "CVE-2021-21688", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", 
"8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020327" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in Jenkins. The FilePath#reading(FileVisitor) does not reject any operations giving users unrestricted read access with certain operations (creating archives, #copyRecursiveTo). 
This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21688" }, { "category": "external", "summary": "RHBZ#2020327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21688", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21688" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21688", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21688" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a 
possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", 
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", 
"confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access" }, { "cve": "CVE-2021-21689", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", 
"8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020335" } ], "notes": [ { "category": "description", "text": "An incorrect access control vulnerability was found in Jenkins. The FilePath#unzip and FilePath#untar were not subjected to any access control. An attacker with access to FilePath#unzip or FilePath#untar operations is able to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#unzip and FilePath#untar were not subject to any access control", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", 
"8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", 
"8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21689" }, { "category": "external", "summary": "RHBZ#2020335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020335" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21689", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21689" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21689", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21689" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For 
OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", 
"8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#unzip and FilePath#untar were not subject to any access control" }, { "cve": "CVE-2021-21690", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", 
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", 
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020336" } ], "notes": [ { "category": "description", "text": "A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. 
This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", 
"8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21690" }, { "category": "external", "summary": "RHBZ#2020336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020336" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21690", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21690" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21690", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21690" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", 
"8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", 
"8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path" }, { "cve": "CVE-2021-21691", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", 
"8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020338" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jenkins which failed to correctly validate permissions. This flaw allowed any user to create symbolic links regardless if they had the symlink permission. 
It may allow an attacker to read and write to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Creating symbolic links is possible without the symlink permission", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21691" }, { "category": "external", "summary": "RHBZ#2020338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020338" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21691", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21691" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21691", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21691" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a 
possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", 
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": 
"CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Creating symbolic links is possible without the symlink permission" }, { "cve": "CVE-2021-21692", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020339" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path which may allow an attacker who has access to these operations to be able to read and write to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", 
"8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", 
"8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21692" }, { "category": "external", "summary": "RHBZ#2020339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020339" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21692", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21692" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21692" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For 
OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", 
"8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path" }, { "cve": "CVE-2021-21693", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", 
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", 
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020341" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The permissions to create temporary files are only checked after they have been created. 
This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21693" }, { "category": "external", "summary": "RHBZ#2020341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21693", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21693" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a 
possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", 
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": 
"CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created." }, { "cve": "CVE-2021-21694", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", 
"8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020342" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions, which may allow an attacker who has access to any of these operations to be able to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", 
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", 
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21694" }, { "category": "external", "summary": "RHBZ#2020342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020342" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21694", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21694" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21694", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21694" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], 
"release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", 
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", 
"privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions" }, { "cve": "CVE-2021-21695", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", 
"8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020343" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The FilePath#listFiles lists files outside directories with agent read access when following symbolic links. This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", 
"8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", 
"8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21695" }, { "category": "external", "summary": "RHBZ#2020343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21695", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21695" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For 
OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", 
"8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links." 
}, { "cve": "CVE-2021-21696", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", 
"8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020344" } ], "notes": [ { "category": "description", "text": "An incorrect 
permissions validation vulnerability was found in Jenkins. An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with a modified variant, resulting in unsandboxed code execution in the Jenkins controller process.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", 
"8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21696" }, { "category": "external", "summary": "RHBZ#2020344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020344" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21696", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21696" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21696", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21696" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available 
at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", 
"8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", 
"8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin" }, { "cve": "CVE-2021-21697", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", 
"8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", 
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020345" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in Jenkins. The directories agents are allowed to access include the directories where there are stored build-related information intended to allow agents to store build-related metadata during build execution. 
As a consequence, this allows an attacker who controls agent process to read and write the contents of any build directory stored in Jenkins with very few restrictions (build.xml and some Pipeline-related metadata).", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent-to-controller access control allows reading/writing most content of build directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", 
"8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21697" }, { "category": "external", "summary": "RHBZ#2020345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020345" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21697", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21697" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21697", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21697" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", 
"8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4829" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", 
"8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent-to-controller access control allows reading/writing most content of build directories" }, { "cve": "CVE-2021-21698", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", 
"8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", 
"8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020385" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent\u0027s ability to learn the name of a file is not restricted when looking up a subversion key file on the controller. 
This may allow attackers to control agent processes and read arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.src", "8Base-RHOSE-4.8:coreos-installer-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-bootinfra-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.ppc64le", 
"8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debuginfo-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:coreos-installer-debugsource-0:0.9.0-8.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.4-3.rhaos4.8.git84fa55d.el8.x86_64", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-0:2.303.3.1637596565-1.el8.src", "8Base-RHOSE-4.8:openshift-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202111221934.p0.g81bc627.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", 
"8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.src", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202111221627.p0.g43dd2f6.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch", "8Base-RHOSE-4.8:python3-sushy-tests-0:3.7.4-0.20211119091058.2cc60dc.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21698" }, { "category": "external", "summary": "RHBZ#2020385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020385" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21698", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21698" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21698", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21698" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-30T09:11:27+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2021:4829" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.noarch", "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1637599935-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key" } ] }
rhsa-2021_4827
Vulnerability from csaf_redhat
Published
2021-12-02 22:04
Modified
2024-11-06 00:12
Summary
Red Hat Security Advisory: OpenShift Container Platform 3.11.569 security update
Notes
Topic
Red Hat OpenShift Container Platform release 3.11.569 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
* jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key (CVE-2021-21698)
* jenkins: FilePath#mkdirs does not check permission to create parent directories (CVE-2021-21685)
* jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories (CVE-2021-21686)
* jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link (CVE-2021-21687)
* jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access (CVE-2021-21688)
* jenkins: FilePath#unzip and FilePath#untar were not subject to any access control (CVE-2021-21689)
* jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path (CVE-2021-21690)
* jenkins: Creating symbolic links is possible without the symlink permission (CVE-2021-21691)
* jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path (CVE-2021-21692)
* jenkins: When creating temporary files, permission to create files is only checked after they’ve been created. (CVE-2021-21693)
* jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions (CVE-2021-21694)
* jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links. (CVE-2021-21695)
* jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin (CVE-2021-21696)
* jenkins: Agent-to-controller access control allows reading/writing most content of build directories (CVE-2021-21697)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 3.11.569 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nSecurity Fix(es):\n\n* jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key (CVE-2021-21698)\n* jenkins: FilePath#mkdirs does not check permission to create parent directories (CVE-2021-21685)\n* jenkins: File path filters do not canonicalize paths, allowing operations\nto follow symbolic links to outside allowed directories (CVE-2021-21686)\n* jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link (CVE-2021-21687)\n* jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access (CVE-2021-21688)\n* jenkins: FilePath#unzip and FilePath#untar were not subject to any access control (CVE-2021-21689)\n* jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path\n(CVE-2021-21690)\n* jenkins: Creating symbolic links 
is possible without the symlink permission (CVE-2021-21691)\n* jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path (CVE-2021-21692)\n* jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created. (CVE-2021-21693)\n* jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any\npermissions (CVE-2021-21694)\n* jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links. (CVE-2021-21695)\n* jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin (CVE-2021-21696)\n* jenkins: Agent-to-controller access control allows reading/writing most content of build directories (CVE-2021-21697)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:4827", "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1920894", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920894" }, { "category": "external", "summary": "2002671", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2002671" }, { "category": "external", "summary": "2002909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2002909" }, { "category": "external", "summary": "2003491", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003491" }, { "category": "external", "summary": "2013496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013496" }, { "category": "external", "summary": "2016467", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016467" }, { "category": "external", "summary": "2020322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020322" }, { "category": "external", "summary": "2020323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020323" }, { "category": "external", "summary": "2020324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020324" }, { "category": "external", "summary": "2020327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020327" }, { "category": "external", "summary": "2020335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020335" }, { "category": "external", 
"summary": "2020336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020336" }, { "category": "external", "summary": "2020338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020338" }, { "category": "external", "summary": "2020339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020339" }, { "category": "external", "summary": "2020341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020341" }, { "category": "external", "summary": "2020342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020342" }, { "category": "external", "summary": "2020343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020343" }, { "category": "external", "summary": "2020344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020344" }, { "category": "external", "summary": "2020345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020345" }, { "category": "external", "summary": "2020385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020385" }, { "category": "external", "summary": "2026193", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026193" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4827.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 3.11.569 security update", "tracking": { "current_release_date": "2024-11-06T00:12:18+00:00", "generator": { "date": "2024-11-06T00:12:18+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:4827", "initial_release_date": "2021-12-02T22:04:06+00:00", "revision_history": [ { "date": "2021-12-02T22:04:06+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-12-02T22:04:06+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T00:12:18+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { 
"category": "product_name", "name": "Red Hat OpenShift Container Platform 3.11", "product": { "name": "Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:3.11::el7" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.303.3.1637698110-1.el7.src", "product": { "name": "jenkins-0:2.303.3.1637698110-1.el7.src", "product_id": "jenkins-0:2.303.3.1637698110-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.303.3.1637698110-1.el7?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "product": { "name": "jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "product_id": "jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@3.11.1637699107-1.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "product": { "name": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "product_id": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.569-1.g2e6be86.el7?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "product": { "name": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "product_id": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift@3.11.569-1.git.0.9dc951a.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "product": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", 
"product_id": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.569-1.g99b2acf.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "product": { "name": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "product_id": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.569-1.gd435537.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "product": { "name": "atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "product_id": "atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.569-1.g3571208.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "product": { "name": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "product_id": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.569-1.gf8bf728.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "product": { "name": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "product_id": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.569-1.gc8f26da.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "product": { "name": 
"atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "product_id": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.569-1.g39cfc66.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "product": { "name": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "product_id": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.569-1.g3e485e6.el7?arch=src" } } }, { "category": "product_version", "name": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "product": { "name": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "product_id": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.569-1.gedebe84.el7?arch=src" } } }, { "category": "product_version", "name": "golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "product": { "name": "golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "product_id": "golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.569-1.g13de638.el7?arch=src" } } }, { "category": "product_version", "name": "golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "product": { "name": "golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "product_id": "golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.569-1.g609cd20.el7?arch=src" } } }, { "category": "product_version", "name": 
"golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "product": { "name": "golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "product_id": "golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.569-1.g99aae51.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "product": { "name": "openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "product_id": "openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible@3.11.569-1.git.0.9620ba1.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "product": { "name": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "product_id": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.569-1.gf2f435d.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "product": { "name": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "product_id": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.569-1.g22be164.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "product": { "name": "openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "product_id": "openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr@3.11.569-1.g0c4bf66.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": 
"product_version", "name": "jenkins-0:2.303.3.1637698110-1.el7.noarch", "product": { "name": "jenkins-0:2.303.3.1637698110-1.el7.noarch", "product_id": "jenkins-0:2.303.3.1637698110-1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.303.3.1637698110-1.el7?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "product": { "name": "jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "product_id": "jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@3.11.1637699107-1.el7?arch=noarch" } } }, { "category": "product_version", "name": "atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "product": { "name": "atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "product_id": "atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.11.569-1.git.0.9dc951a.el7?arch=noarch" } } }, { "category": "product_version", "name": "atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "product": { "name": "atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "product_id": "atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.11.569-1.git.0.9dc951a.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product": { "name": "openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product_id": "openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible@3.11.569-1.git.0.9620ba1.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", 
"product": { "name": "openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product_id": "openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible-docs@3.11.569-1.git.0.9620ba1.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product": { "name": "openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product_id": "openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.11.569-1.git.0.9620ba1.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product": { "name": "openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product_id": "openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible-roles@3.11.569-1.git.0.9620ba1.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product": { "name": "openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product_id": "openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible-test@3.11.569-1.git.0.9620ba1.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "product": { "name": "openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "product_id": "openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-cni@3.11.569-1.g0c4bf66.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "product": { 
"name": "openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "product_id": "openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-common@3.11.569-1.g0c4bf66.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "product": { "name": "openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "product_id": "openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-controller@3.11.569-1.g0c4bf66.el7?arch=noarch" } } }, { "category": "product_version", "name": "python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch", "product": { "name": "python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch", "product_id": "python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python2-kuryr-kubernetes@3.11.569-1.g0c4bf66.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "product": { "name": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "product_id": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.569-1.g2e6be86.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "product": { "name": "atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "product_id": "atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@3.11.569-1.g2e6be86.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product": { "name": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_id": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift@3.11.569-1.git.0.9dc951a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product": { "name": "atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_id": "atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.11.569-1.git.0.9dc951a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product": { "name": "atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_id": "atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.11.569-1.git.0.9dc951a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product": { "name": "atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_id": "atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-hyperkube@3.11.569-1.git.0.9dc951a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product": { "name": "atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_id": 
"atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-hypershift@3.11.569-1.git.0.9dc951a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product": { "name": "atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_id": "atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-master@3.11.569-1.git.0.9dc951a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product": { "name": "atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_id": "atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node@3.11.569-1.git.0.9dc951a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product": { "name": "atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_id": "atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.11.569-1.git.0.9dc951a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product": { "name": "atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_id": "atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.11.569-1.git.0.9dc951a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product": { "name": 
"atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_id": "atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.11.569-1.git.0.9dc951a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product": { "name": "atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_id": "atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.11.569-1.git.0.9dc951a.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "product": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "product_id": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.569-1.g99b2acf.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "product": { "name": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "product_id": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.569-1.gd435537.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "product": { "name": "atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "product_id": "atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.569-1.g3571208.el7?arch=x86_64" } } }, { "category": 
"product_version", "name": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "product": { "name": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "product_id": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.569-1.gf8bf728.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "product": { "name": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "product_id": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.569-1.gc8f26da.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "product": { "name": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "product_id": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.569-1.g39cfc66.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "product": { "name": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "product_id": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.569-1.g3e485e6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "product": { "name": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "product_id": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.569-1.gedebe84.el7?arch=x86_64" } } }, { "category": "product_version", "name": "prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "product": { "name": "prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "product_id": "prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus-alertmanager@3.11.569-1.g13de638.el7?arch=x86_64" } } }, { "category": "product_version", "name": "prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "product": { "name": "prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "product_id": "prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus-node-exporter@3.11.569-1.g609cd20.el7?arch=x86_64" } } }, { "category": "product_version", "name": "prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "product": { "name": "prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "product_id": "prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus@3.11.569-1.g99aae51.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "product": { "name": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "product_id": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.569-1.gf2f435d.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "product": { "name": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "product_id": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.569-1.g22be164.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "product": { "name": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "product_id": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.569-1.g2e6be86.el7?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "product": { "name": "atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "product_id": "atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@3.11.569-1.g2e6be86.el7?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product": { "name": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_id": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift@3.11.569-1.git.0.9dc951a.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product": { "name": "atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_id": "atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.11.569-1.git.0.9dc951a.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product": { "name": 
"atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_id": "atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-hyperkube@3.11.569-1.git.0.9dc951a.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product": { "name": "atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_id": "atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-hypershift@3.11.569-1.git.0.9dc951a.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product": { "name": "atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_id": "atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-master@3.11.569-1.git.0.9dc951a.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product": { "name": "atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_id": "atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node@3.11.569-1.git.0.9dc951a.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product": { "name": "atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_id": "atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.11.569-1.git.0.9dc951a.el7?arch=ppc64le" } } }, { "category": "product_version", "name": 
"atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product": { "name": "atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_id": "atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.11.569-1.git.0.9dc951a.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product": { "name": "atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_id": "atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.11.569-1.git.0.9dc951a.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product": { "name": "atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_id": "atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.11.569-1.git.0.9dc951a.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "product": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "product_id": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.569-1.g99b2acf.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "product": { "name": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "product_id": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/atomic-openshift-descheduler@3.11.569-1.gd435537.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "product": { "name": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "product_id": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.569-1.gf8bf728.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "product": { "name": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "product_id": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.569-1.gc8f26da.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "product": { "name": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "product_id": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.569-1.g39cfc66.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "product": { "name": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "product_id": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.569-1.g3e485e6.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "product": { "name": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "product_id": 
"golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.569-1.gedebe84.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "product": { "name": "prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "product_id": "prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus-alertmanager@3.11.569-1.g13de638.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "product": { "name": "prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "product_id": "prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus-node-exporter@3.11.569-1.g609cd20.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "product": { "name": "prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "product_id": "prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus@3.11.569-1.g99aae51.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "product": { "name": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "product_id": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.569-1.gf2f435d.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "product": { "name": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "product_id": 
"openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.569-1.g22be164.el7?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le" }, "product_reference": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src" }, "product_reference": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64" }, "product_reference": "atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": 
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le" }, "product_reference": "atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64" }, "product_reference": "atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le" }, "product_reference": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src" }, "product_reference": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64" }, "product_reference": "atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, 
{ "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le" }, "product_reference": "atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64" }, "product_reference": "atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64" }, "product_reference": "atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le" }, "product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src as 
a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src" }, "product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64" }, "product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le" }, "product_reference": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src" }, "product_reference": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64" }, "product_reference": 
"atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch" }, "product_reference": "atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src" }, "product_reference": "atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64" }, "product_reference": "atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch" }, "product_reference": "atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", 
"full_product_name": { "name": "atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le" }, "product_reference": "atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64" }, "product_reference": "atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le" }, "product_reference": "atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64" }, "product_reference": "atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": 
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le" }, "product_reference": "atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64" }, "product_reference": "atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le" }, "product_reference": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src" }, "product_reference": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64" }, "product_reference": "atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", 
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le" }, "product_reference": "atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64" }, "product_reference": "atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le" }, "product_reference": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src" }, "product_reference": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": 
"atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64" }, "product_reference": "atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le" }, "product_reference": "atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64" }, "product_reference": "atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le" }, "product_reference": "atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": 
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64" }, "product_reference": "atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le" }, "product_reference": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src" }, "product_reference": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64" }, "product_reference": "atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le" }, "product_reference": 
"atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64" }, "product_reference": "atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le" }, "product_reference": "atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64" }, "product_reference": "atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le" }, "product_reference": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": 
"default_component_of", "full_product_name": { "name": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src" }, "product_reference": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64" }, "product_reference": "atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le" }, "product_reference": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src" }, "product_reference": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", 
"product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64" }, "product_reference": "golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src" }, "product_reference": "golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src" }, "product_reference": "golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src" }, "product_reference": "golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.303.3.1637698110-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch" }, "product_reference": "jenkins-0:2.303.3.1637698110-1.el7.noarch", 
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.303.3.1637698110-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" }, "product_reference": "jenkins-0:2.303.3.1637698110-1.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch" }, "product_reference": "jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:3.11.1637699107-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src" }, "product_reference": "jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch" }, "product_reference": "openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src" }, "product_reference": 
"openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch" }, "product_reference": "openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch" }, "product_reference": "openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch" }, "product_reference": "openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch" }, "product_reference": "openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": 
"openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le" }, "product_reference": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src" }, "product_reference": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64" }, "product_reference": "openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le" }, "product_reference": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": 
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src" }, "product_reference": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64" }, "product_reference": "openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src" }, "product_reference": "openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch" }, "product_reference": "openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch" }, "product_reference": "openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", 
"full_product_name": { "name": "openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch" }, "product_reference": "openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-0:3.11.569-1.g99aae51.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le" }, "product_reference": "prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-0:3.11.569-1.g99aae51.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64" }, "product_reference": "prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le" }, "product_reference": "prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64" }, "product_reference": "prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", 
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le" }, "product_reference": "prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64" }, "product_reference": "prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" }, "product_reference": "python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-21685", "cwe": { "id": "CWE-281", "name": "Improper Preservation of Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020322" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
The FilePath#mkdirs does not check permission to create parent directories, which may allow an attacker who controls the agent process to get read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#mkdirs does not check permission to create parent directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", 
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21685" }, { "category": "external", "summary": "RHBZ#2020322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020322" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21685", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21685" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21685", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21685" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. 
Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", 
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#mkdirs does not check permission to create parent directories" }, { "cve": "CVE-2021-21686", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020323" } ], "notes": [ { "category": "description", "text": "A link following vulnerability was found in Jenkins. The file path filters do not canonicalize paths allowing operations to follow symbolic links to directories they are not supposed to have access to. This may allow an attacker to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21686" }, { "category": "external", "summary": "RHBZ#2020323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020323" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21686", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21686" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21686", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21686" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your 
cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", 
"7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories" }, { "cve": "CVE-2021-21687", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", 
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020324" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link, which may allow an attacker to get read and write access to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21687" }, { "category": "external", "summary": "RHBZ#2020324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21687", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21687" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your 
cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", 
"7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link" }, { "cve": "CVE-2021-21688", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", 
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020327" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in Jenkins. The FilePath#reading(FileVisitor) does not reject any operations giving users unrestricted read access with certain operations (creating archives, #copyRecursiveTo). This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21688" }, { "category": "external", "summary": "RHBZ#2020327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21688", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21688" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21688", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21688" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your 
cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", 
"7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access" }, { "cve": "CVE-2021-21689", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020335" } ], "notes": [ { "category": "description", "text": "An incorrect access control vulnerability was found in Jenkins. The FilePath#unzip and FilePath#untar were not subjected to any access control. An attacker with access to FilePath#unzip or FilePath#untar operations is able to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#unzip and FilePath#untar were not subject to any access control", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21689" }, { "category": "external", "summary": "RHBZ#2020335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020335" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21689", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21689" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21689", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21689" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your 
cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#unzip and FilePath#untar were not subject to any access control" }, { "cve": "CVE-2021-21690", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020336" } ], "notes": [ { "category": "description", "text": "A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21690" }, { "category": "external", "summary": "RHBZ#2020336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020336" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21690", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21690" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21690", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21690" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously 
released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", 
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path" }, { "cve": "CVE-2021-21691", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", 
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020338" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jenkins which failed to correctly validate permissions. This flaw allowed any user to create symbolic links regardless if they had the symlink permission. 
It may allow an attacker to read and write to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Creating symbolic links is possible without the symlink permission", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", 
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21691" }, { "category": "external", "summary": "RHBZ#2020338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020338" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21691", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21691" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21691", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21691" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. 
Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Creating symbolic links is possible without the symlink permission" }, { "cve": "CVE-2021-21692", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020339" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path which may allow an attacker who has access to these operations to be able to read and write to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21692" }, { "category": "external", "summary": "RHBZ#2020339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020339" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21692", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21692" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21692" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata 
update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", 
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path" }, { "cve": "CVE-2021-21693", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020341" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The permissions to create temporary files are only checked after they have been created. This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21693" }, { "category": "external", "summary": "RHBZ#2020341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21693", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21693" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your 
cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", 
"7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created." }, { "cve": "CVE-2021-21694", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", 
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020342" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions, which may allow an attacker who has access to any of these operations to be able to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21694" }, { "category": "external", "summary": "RHBZ#2020342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020342" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21694", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21694" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21694", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21694" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously 
released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", 
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions" }, { "cve": "CVE-2021-21695", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020343" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The FilePath#listFiles lists files outside directories with agent read access when following symbolic links. 
This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", 
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21695" }, { "category": "external", "summary": "RHBZ#2020343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21695", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21695" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. 
Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", 
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links." }, { "cve": "CVE-2021-21696", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020344" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with a modified variant, resulting in unsandboxed code execution in the Jenkins controller process.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21696" }, { "category": "external", "summary": "RHBZ#2020344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020344" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21696", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21696" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21696", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21696" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously 
released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", 
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin" }, { "cve": "CVE-2021-21697", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020345" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in Jenkins. The directories agents are allowed to access include the directories where there are stored build-related information intended to allow agents to store build-related metadata during build execution. 
As a consequence, this allows an attacker who controls agent process to read and write the contents of any build directory stored in Jenkins with very few restrictions (build.xml and some Pipeline-related metadata).", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent-to-controller access control allows reading/writing most content of build directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", 
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21697" }, { "category": "external", "summary": "RHBZ#2020345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020345" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21697", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21697" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21697", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21697" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. 
Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", 
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent-to-controller access control allows reading/writing most content of build directories" }, { "cve": "CVE-2021-21698", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020385" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent\u0027s ability to learn the name of a file is not restricted when looking up a subversion key file on the controller. This may allow attackers to control agent processes and read arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.569-1.g2e6be86.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.569-1.g99b2acf.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.569-1.gd435537.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.569-1.g3571208.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.569-1.git.0.9dc951a.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.569-1.gf8bf728.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.569-1.gc8f26da.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.569-1.g39cfc66.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.ppc64le", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.569-1.git.0.9dc951a.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.ppc64le", 
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.569-1.g3e485e6.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.ppc64le", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.569-1.gedebe84.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.569-1.g13de638.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.569-1.g609cd20.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.569-1.g99aae51.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.569-1.git.0.9620ba1.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.569-1.git.0.9620ba1.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.569-1.gf2f435d.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.ppc64le", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.569-1.g22be164.el7.x86_64", 
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.569-1.g0c4bf66.el7.src", "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.569-1.g0c4bf66.el7.noarch", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.569-1.g99aae51.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.569-1.g13de638.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.ppc64le", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.569-1.g609cd20.el7.x86_64", "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.569-1.g0c4bf66.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21698" }, { "category": "external", "summary": "RHBZ#2020385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020385" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21698", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21698" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21698", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21698" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-02T22:04:06+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system is applied.\n\nSee the following documentation, which will be updated shortly for release 3.11.569, for important instructions on how to upgrade your 
cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4827" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key" } ] }
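The `product_status`, `scores` and `remediations` blocks in the CSAF document above are what a patch-verification script actually consumes, and the question a practitioner wants answered is "is the RPM on this host at or above the fixed build?". The Python below is an added example for this page, not Red Hat tooling and not code from the advisory: it parses a constructed, abbreviated CSAF fragment shaped like RHSA-2021:4827 (only the fields it reads are kept, and the product lists are cut to two entries), splits the `<product>:<NEVRA>` identifiers, and compares installed NEVRAs against the fixed build with a simplified `rpmvercmp` (the tilde and caret rules of real rpm are left out, which is an assumption that holds for the version strings on this page).

```python
import json
import re
from typing import Dict, List, Tuple

FIXED_ID = "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1637699107-1.el7.noarch"

# Constructed, abbreviated CSAF 2.0 document shaped like RHSA-2021:4827 above: a
# sample for this script, not the advisory itself, cut to the fields read below.
CSAF_SAMPLE = json.dumps({
    "document": {"tracking": {"id": "RHSA-2021:4827"}},
    "vulnerabilities": [{
        "cve": "CVE-2021-21698",
        "product_status": {
            "fixed": [FIXED_ID],
            "known_not_affected": [
                "7Server-RH7-RHOSE-3.11:jenkins-0:2.303.3.1637698110-1.el7.noarch"],
        },
        "remediations": [{"category": "vendor_fix", "product_ids": [FIXED_ID],
                          "url": "https://access.redhat.com/errata/RHSA-2021:4827"}],
        "scores": [{"products": [FIXED_ID], "cvss_v3": {
            "baseScore": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}}],
    }],
})

Nevra = Tuple[str, int, str, str, str]  # name, epoch, version, release, arch


def parse_nevra(s: str) -> Nevra:
    """Split 'name-[epoch:]version-release.arch' into fields. Red Hat CSAF
    product IDs always carry the epoch; a missing one is treated as 0."""
    rest, arch = s.rsplit(".", 1)
    rest, release = rest.rsplit("-", 1)
    name, ev = rest.rsplit("-", 1)
    epoch, _, version = ev.rpartition(":")
    return name, int(epoch or 0), version, release, arch


def rpm_vercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp: split into numeric and alphabetic segments, compare
    numeric segments as integers and alphabetic ones lexically, rank a numeric
    segment above an alphabetic one, and let the string with segments left over
    win. Real rpm's tilde/caret handling is deliberately omitted."""
    if a == b:
        return 0
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1


def evr_cmp(a: Nevra, b: Nevra) -> int:
    """Compare epoch, then version, then release of two parsed NEVRAs."""
    if a[1] != b[1]:
        return 1 if a[1] > b[1] else -1
    return rpm_vercmp(a[2], b[2]) or rpm_vercmp(a[3], b[3])


def _same_package(x: Nevra, y: Nevra) -> bool:
    return x[0] == y[0] and x[4] == y[4]


def _nevras(product_ids: List[str]) -> List[Nevra]:
    # Product IDs are '<product id>:<NEVRA>'; the NEVRA itself contains the
    # epoch colon, so split on the first colon only.
    return [parse_nevra(pid.split(":", 1)[1]) for pid in product_ids]


def assess(csaf_text: str, installed: List[str]) -> Dict[str, Dict[str, str]]:
    """Classify each installed NEVRA against every CVE in the document:
    'not_affected'  listed under known_not_affected,
    'fixed'         same name/arch as a fixed build and EVR >= that build,
    'vulnerable'    same name/arch as a fixed build but older,
    'unlisted'      the advisory says nothing about this package."""
    doc = json.loads(csaf_text)
    pkgs = [parse_nevra(p) for p in installed]
    report: Dict[str, Dict[str, str]] = {}
    for vuln in doc["vulnerabilities"]:
        status = vuln.get("product_status", {})
        fixed = _nevras(status.get("fixed", []))
        safe = _nevras(status.get("known_not_affected", []))
        verdicts: Dict[str, str] = {}
        for pkg in pkgs:
            key = f"{pkg[0]}.{pkg[4]}"
            matches = [f for f in fixed if _same_package(pkg, f)]
            if any(_same_package(pkg, s) for s in safe):
                verdicts[key] = "not_affected"
            elif matches:
                verdicts[key] = "fixed" if any(evr_cmp(pkg, f) >= 0 for f in matches) else "vulnerable"
            else:
                verdicts[key] = "unlisted"
        report[vuln["cve"]] = verdicts
    return report


def fix_details(csaf_text: str, cve: str) -> Tuple[float, str, List[str]]:
    """Return (CVSS base score, vector string, vendor_fix URLs) for one CVE."""
    for vuln in json.loads(csaf_text)["vulnerabilities"]:
        if vuln.get("cve") == cve:
            cvss = vuln["scores"][0]["cvss_v3"]
            urls = [r["url"] for r in vuln.get("remediations", [])
                    if r.get("category") == "vendor_fix"]
            return cvss["baseScore"], cvss["vectorString"], urls
    raise KeyError(cve)
```

Feed `assess()` the output of `rpm -qa --qf '%{NAME}-%{EPOCHNUM}:%{VERSION}-%{RELEASE}.%{ARCH}\n'` from a node and the full CSAF JSON from the canonical URL in the document; note that the advisory only speaks for the product IDs it lists, so a package it does not name comes back as `unlisted`, not as safe.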
rhsa-2021_4801
Vulnerability from csaf_redhat
Published
2021-12-01 12:28
Modified
2024-11-06 00:11
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.7.38 security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.7.38 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.38. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:4802
All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor
Security Fix(es):
* jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key (CVE-2021-21698)
* jenkins: FilePath#mkdirs does not check permission to create parent directories (CVE-2021-21685)
* jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories (CVE-2021-21686)
* jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link (CVE-2021-21687)
* jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access (CVE-2021-21688)
* jenkins: FilePath#unzip and FilePath#untar were not subject to any access control (CVE-2021-21689)
* jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path (CVE-2021-21690)
* jenkins: Creating symbolic links is possible without the symlink permission (CVE-2021-21691)
* jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path (CVE-2021-21692)
* jenkins: When creating temporary files, permission to create files is only checked after they’ve been created. (CVE-2021-21693)
* jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions (CVE-2021-21694)
* jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links. (CVE-2021-21695)
* jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin (CVE-2021-21696)
* jenkins: Agent-to-controller access control allows reading/writing most content of build directories (CVE-2021-21697)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
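Most of the fixes listed above are variations on one control: a file name chosen by the agent must be confined to a directory the controller permits, and the confinement has to hold after symbolic links are resolved (CVE-2021-21698 is the case with no restriction at all; CVE-2021-21686 is the case where the check looks at the path string but never canonicalizes it). The Python below is an added illustration of that control for this page, not Jenkins code and not the Subversion Plugin's key lookup. It builds a throwaway directory layout (constructed for the example) with one legitimate file, one file outside the permitted tree, and a symlink inside the tree that points outside it, then records what three lookup policies let a remote-supplied name read.

```python
import os
import tempfile


class PathEscape(Exception):
    """Requested name resolves outside the permitted base directory."""


def unrestricted_lookup(base: str, name: str) -> str:
    """No check at all: whatever the remote side names is opened relative to
    base, so '..' components and symlinks both walk out of the tree."""
    return os.path.join(base, name)


def textual_lookup(base: str, name: str) -> str:
    """Checks only the string form of the path: normpath folds '..' away, but a
    symlink that lives inside base and points outside it passes untouched."""
    candidate = os.path.normpath(os.path.join(base, name))
    if candidate != base and not candidate.startswith(base.rstrip(os.sep) + os.sep):
        raise PathEscape(name)
    return candidate


def canonical_lookup(base: str, name: str) -> str:
    """Resolve symlinks on both sides first, then require the resolved target to
    sit under the resolved base. commonpath() is used instead of a string
    prefix so '/srv/allowed-other' is not mistaken for a child of '/srv/allowed'."""
    real_base = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([real_base, target]) != real_base:
        raise PathEscape(name)
    return target


def read_with(lookup, base: str, name: str) -> str:
    """Apply one lookup policy and read the file; 'DENIED' when it refuses."""
    try:
        path = lookup(base, name)
    except PathEscape:
        return "DENIED"
    with open(path) as fh:
        return fh.read().strip()


def run_demo() -> dict:
    """Constructed layout for the example:
        <tmp>/secret.txt             outside the permitted tree
        <tmp>/allowed/key.pem        the legitimate file
        <tmp>/allowed/link           symlink -> ../secret.txt
    Returns {policy: {requested name: what was read}}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "allowed")
        os.mkdir(base)
        with open(os.path.join(tmp, "secret.txt"), "w") as fh:
            fh.write("OUTSIDE")
        with open(os.path.join(base, "key.pem"), "w") as fh:
            fh.write("KEY")
        os.symlink(os.path.join("..", "secret.txt"), os.path.join(base, "link"))
        for label, policy in (("unrestricted", unrestricted_lookup),
                              ("textual", textual_lookup),
                              ("canonical", canonical_lookup)):
            results[label] = {
                name: read_with(policy, base, name)
                for name in ("key.pem", "../secret.txt", "link")
            }
    return results


if __name__ == "__main__":
    for policy, outcome in run_demo().items():
        print(policy, outcome)
```

The textual policy stops `../secret.txt` but still hands back the contents of `secret.txt` through `link`, which is exactly the gap the "do not canonicalize paths" entry describes; only the canonical policy denies both. One caveat that is mine, not the advisory's: resolving and then opening are two separate system calls, so on a tree the remote side can write to, a link could be swapped in between them; closing that window needs the open itself to refuse to follow links (for instance `O_NOFOLLOW` per component, or verifying the opened descriptor with `fstat`).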
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.7.38 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.7.38. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:4802\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. 
Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\nSecurity Fix(es):\n\n* jenkins-2-plugins/subversion: does not restrict the name of a file when\nlooking up a subversion key (CVE-2021-21698)\n* jenkins: FilePath#mkdirs does not check permission to create parent\ndirectories (CVE-2021-21685)\n* jenkins: File path filters do not canonicalize paths, allowing operations\nto follow symbolic links to outside allowed directories (CVE-2021-21686)\n* jenkins: FilePath#untar does not check permission to create symbolic\nlinks when unarchiving a symbolic link (CVE-2021-21687)\n* jenkins: FilePath#reading(FileVisitor) does not reject any operations\nallowing users to have unrestricted read access (CVE-2021-21688)\n* jenkins: FilePath#unzip and FilePath#untar were not subject to any access\ncontrol (CVE-2021-21689)\n* jenkins: Agent processes are able to completely bypass file path\nfiltering by wrapping the file operation in an agent file path\n(CVE-2021-21690)\n* jenkins: Creating symbolic links is possible without the symlink\npermission (CVE-2021-21691)\n* jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo\nonly check read permission on the source path (CVE-2021-21692)\n* jenkins: When creating temporary files, permission to create files is\nonly checked after they\u2019ve been created. (CVE-2021-21693)\n* jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize,\nFilePath#isDescendant, and FilePath#get*DiskSpace do not check any\npermissions (CVE-2021-21694)\n* jenkins: FilePath#listFiles lists files outside directories with agent\nread access when following symbolic links. 
(CVE-2021-21695)\n* jenkins: Agent-to-controller access control allowed writing to sensitive\ndirectory used by Pipeline: Shared Groovy Libraries Plugin (CVE-2021-21696)\n* jenkins: Agent-to-controller access control allows reading/writing most\ncontent of build directories (CVE-2021-21697)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s)\nlisted in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:4801", "url": "https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2020322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020322" }, { "category": "external", "summary": "2020323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020323" }, { "category": "external", "summary": "2020324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020324" }, { "category": "external", "summary": "2020327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020327" }, { "category": 
"external", "summary": "2020335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020335" }, { "category": "external", "summary": "2020336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020336" }, { "category": "external", "summary": "2020338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020338" }, { "category": "external", "summary": "2020339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020339" }, { "category": "external", "summary": "2020341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020341" }, { "category": "external", "summary": "2020342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020342" }, { "category": "external", "summary": "2020343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020343" }, { "category": "external", "summary": "2020344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020344" }, { "category": "external", "summary": "2020345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020345" }, { "category": "external", "summary": "2020385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020385" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4801.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.7.38 security update", "tracking": { "current_release_date": "2024-11-06T00:11:59+00:00", "generator": { "date": "2024-11-06T00:11:59+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:4801", "initial_release_date": "2021-12-01T12:28:59+00:00", "revision_history": [ { "date": "2021-12-01T12:28:59+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-12-01T12:28:59+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T00:11:59+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": 
[ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.7", "product": { "name": "Red Hat OpenShift Container Platform 4.7", "product_id": "7Server-RH7-RHOSE-4.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.7::el7" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.7", "product": { "name": "Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.7::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "product": { "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "product_id": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.20.6-3.rhaos4.7.git4603183.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "product": { "name": "openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "product_id": "openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7?arch=src" } } }, { "category": "product_version", "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "product": { "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "product_id": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.20.6-3.rhaos4.7.git4603183.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-0:2.303.3.1637597018-1.el8.src", "product": { "name": "jenkins-0:2.303.3.1637597018-1.el8.src", "product_id": "jenkins-0:2.303.3.1637597018-1.el8.src", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/jenkins@2.303.3.1637597018-1.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "product_id": "jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.7.1637600997-1.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "product": { "name": "openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "product_id": "openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "product": { "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "product_id": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.20.6-3.rhaos4.7.git4603183.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "product": { "name": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "product_id": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.6-3.rhaos4.7.git4603183.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "product": { "name": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "product_id": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/openshift-hyperkube@4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "product": { "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "product_id": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.20.6-3.rhaos4.7.git4603183.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "product": { "name": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "product_id": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.6-3.rhaos4.7.git4603183.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "product": { "name": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "product_id": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.6-3.rhaos4.7.git4603183.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64", "product": { "name": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64", "product_id": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "product": { "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "product_id": 
"cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.20.6-3.rhaos4.7.git4603183.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "product": { "name": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "product_id": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.6-3.rhaos4.7.git4603183.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "product": { "name": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "product_id": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.6-3.rhaos4.7.git4603183.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "product": { "name": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "product_id": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "product": { "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "product_id": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.20.6-3.rhaos4.7.git4603183.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "product": { "name": 
"cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "product_id": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.6-3.rhaos4.7.git4603183.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "product": { "name": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "product_id": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.6-3.rhaos4.7.git4603183.el8?arch=s390x" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "product": { "name": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "product_id": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.303.3.1637597018-1.el8.noarch", "product": { "name": "jenkins-0:2.303.3.1637597018-1.el8.noarch", "product_id": "jenkins-0:2.303.3.1637597018-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.303.3.1637597018-1.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.7.1637600997-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": 
"default_component_of", "full_product_name": { "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src" }, "product_reference": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64" }, "product_reference": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src" }, "product_reference": "openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64" }, 
"product_reference": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le" }, "product_reference": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x" }, "product_reference": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src" }, "product_reference": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64" }, "product_reference": "cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le" }, 
"product_reference": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x" }, "product_reference": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le" }, "product_reference": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x" }, "product_reference": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64 as a component of Red Hat OpenShift Container Platform 
4.7", "product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64" }, "product_reference": "cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.303.3.1637597018-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch" }, "product_reference": "jenkins-0:2.303.3.1637597018-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.303.3.1637597018-1.el8.src as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" }, "product_reference": "jenkins-0:2.303.3.1637597018-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.7.1637600997-1.el8.src as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.7", "product_id": 
"8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src" }, "product_reference": "openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le" }, "product_reference": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x" }, "product_reference": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" }, "product_reference": "openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.7" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-21685", "cwe": { "id": "CWE-281", "name": "Improper Preservation of Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", 
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020322" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
The FilePath#mkdirs does not check permission to create parent directories, which may allow an attacker who controls the agent process to get read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#mkdirs does not check permission to create parent directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", 
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21685" }, { "category": "external", "summary": "RHBZ#2020322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020322" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21685", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21685" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21685", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21685" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ 
"8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", 
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#mkdirs does not check permission to create parent directories" }, { "cve": "CVE-2021-21686", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", 
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020323" } ], "notes": [ { "category": "description", "text": "A link following vulnerability was found in Jenkins. The file path filters do not canonicalize paths allowing operations to follow symbolic links to directories they are not supposed to have access to. 
This may allow an attacker to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", 
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21686" }, { "category": "external", "summary": "RHBZ#2020323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020323" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21686", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21686" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21686", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21686" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], 
"restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", 
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories" }, { "cve": "CVE-2021-21687", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", 
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020324" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
The FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link, which may allow an attacker to get read and write access to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", 
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21687" }, { "category": "external", "summary": "RHBZ#2020324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21687", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21687" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ 
"8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", 
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link" }, { "cve": "CVE-2021-21688", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", 
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020327" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in Jenkins. The FilePath#reading(FileVisitor) does not reject any operations giving users unrestricted read access with certain operations (creating archives, #copyRecursiveTo). 
This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", 
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21688" }, { "category": "external", "summary": "RHBZ#2020327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21688", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21688" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21688", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21688" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", 
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access" }, { "cve": "CVE-2021-21689", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", 
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020335" } ], "notes": [ { "category": "description", "text": "An incorrect access control vulnerability was found in Jenkins. The FilePath#unzip and FilePath#untar were not subjected to any access control. 
An attacker with access to FilePath#unzip or FilePath#untar operations is able to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#unzip and FilePath#untar were not subject to any access control", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", 
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21689" }, { "category": "external", "summary": "RHBZ#2020335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020335" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21689", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21689" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21689", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21689" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], 
"restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", 
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#unzip and FilePath#untar were not subject to any access control" }, { "cve": "CVE-2021-21690", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", 
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020336" } ], "notes": [ { "category": "description", "text": "A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. 
This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", 
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21690" }, { "category": "external", "summary": "RHBZ#2020336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020336" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21690", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21690" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21690", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21690" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], 
"restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", 
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path" }, { "cve": "CVE-2021-21691", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", 
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020338" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jenkins which failed to correctly validate permissions. This flaw allowed any user to create symbolic links regardless if they had the symlink permission. 
It may allow an attacker to read and write to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Creating symbolic links is possible without the symlink permission", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", 
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21691" }, { "category": "external", "summary": "RHBZ#2020338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020338" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21691", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21691" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21691", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21691" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", 
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Creating symbolic links is possible without the symlink permission" }, { "cve": "CVE-2021-21692", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", 
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020339" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path which may allow an attacker who has access to these operations to be able to read and write to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", 
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21692" }, { "category": "external", "summary": "RHBZ#2020339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020339" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21692", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21692" }, { "category": "external", "summary": 
"https://nvd.nist.gov/vuln/detail/CVE-2021-21692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21692" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, 
"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path" }, { "cve": "CVE-2021-21693", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", 
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020341" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The permissions to create temporary files are only checked after they have been created. This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", 
"8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21693" }, { "category": "external", "summary": "RHBZ#2020341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21693", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21693" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": 
"2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, 
"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created." }, { "cve": "CVE-2021-21694", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", 
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020342" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions, which may allow an attacker who has access to any of these operations to be able to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", 
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21694" }, { "category": "external", "summary": "RHBZ#2020342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020342" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21694", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21694" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21694", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21694" }, { 
"category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, 
"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions" }, { "cve": "CVE-2021-21695", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", 
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020343" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The FilePath#listFiles lists files outside directories with agent read access when following symbolic links. This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", 
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21695" }, { "category": "external", "summary": "RHBZ#2020343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21695", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21695" }, { "category": "external", "summary": 
"https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, 
"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links." }, { "cve": "CVE-2021-21696", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", 
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020344" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. This allows attackers in control of agent processes to replace the code of a trusted library with a modified variant, resulting in unsandboxed code execution in the Jenkins controller process.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", 
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21696" }, { "category": "external", "summary": "RHBZ#2020344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020344" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21696", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21696" }, { "category": "external", "summary": 
"https://nvd.nist.gov/vuln/detail/CVE-2021-21696", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21696" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, 
"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin" }, { "cve": "CVE-2021-21697", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", 
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020345" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in Jenkins. The directories agents are allowed to access include the directories where there are stored build-related information intended to allow agents to store build-related metadata during build execution. As a consequence, this allows an attacker who controls agent process to read and write the contents of any build directory stored in Jenkins with very few restrictions (build.xml and some Pipeline-related metadata).", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent-to-controller access control allows reading/writing most content of build directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", 
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21697" }, { "category": "external", "summary": "RHBZ#2020345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020345" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21697", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21697" 
}, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21697", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21697" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4801" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, 
"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent-to-controller access control allows reading/writing most content of build directories" }, { "cve": "CVE-2021-21698", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", 
"8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020385" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent\u0027s ability to learn the name of a file is not restricted when looking up a subversion key file on the controller. This may allow attackers to control agent processes and read arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.src", 
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.src", "8Base-RHOSE-4.7:openshift-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202111192046.p0.gaa025a0.assembly.stream.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21698" }, { "category": "external", "summary": "RHBZ#2020385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020385" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21698", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21698" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21698", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21698" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506", 
"url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-12-01T12:28:59+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4801" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch", "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key" } ] }
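The product_status block above lists exact builds: the first fixed build of each component under "fixed", and shipped builds that were never affected under "known_not_affected". To turn that into a yes/no answer for a host, you compare the installed package's epoch:version-release against the fixed build with rpm's label-comparison rules, not a plain string compare. The following is an added example, not Red Hat tooling or anything from the advisory itself: it carries a trimmed copy of the RHSA-2021:4801 product_status shown above (constructed sample data, reduced to the fields the check needs), a port of rpm's `rpmvercmp()` that handles numeric and alphabetic segments, leading zeros and the `~` pre-release separator (the `^` separator is left out as an assumption that these NEVRAs never use it), and an `evaluate()` that classifies an installed NEVRA such as the one `rpm -q --qf '%{NAME}-%{EPOCHNUM}:%{VERSION}-%{RELEASE}.%{ARCH}\n' jenkins-2-plugins` prints. The product reference strings (`8Base-RHOSE-4.7`) and the function names are this example's own.

```python
import json

# Trimmed copy of the product_status field of RHSA-2021:4801 for
# CVE-2021-21698 as shown above (constructed sample data for this example).
CSAF_FRAGMENT = json.loads("""
{"vulnerabilities": [{"cve": "CVE-2021-21698", "product_status": {
  "fixed": [
    "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch",
    "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1637600997-1.el8.src"],
  "known_not_affected": [
    "8Base-RHOSE-4.7:jenkins-0:2.303.3.1637597018-1.el8.noarch",
    "8Base-RHOSE-4.7:cri-o-0:1.20.6-3.rhaos4.7.git4603183.el8.x86_64"]}}]}
""")


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): -1, 0 or 1 as a is older, equal or newer.
    Segments are runs of digits or letters; separators are skipped; a numeric
    segment beats an alphabetic one; '~' sorts before anything, including the
    end of the string. The '^' separator is not handled (assumption)."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        a_tilde = i < len(a) and a[i] == "~"
        b_tilde = j < len(b) and b[j] == "~"
        if a_tilde or b_tilde:
            if not a_tilde:
                return 1
            if not b_tilde:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        isnum = a[i].isdigit()
        same_kind = str.isdigit if isnum else str.isalpha
        k = i
        while k < len(a) and same_kind(a[k]):
            k += 1
        m = j
        while m < len(b) and same_kind(b[m]):
            m += 1
        seg_a, seg_b = a[i:k], b[j:m]
        i, j = k, m
        if not seg_b:                      # kinds differ: numeric segment wins
            return 1 if isnum else -1
        if isnum:                          # drop leading zeros, longer number is newer
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1       # whichever still has characters is newer


def split_nevra(nevra: str):
    """'jenkins-2-plugins-0:4.7.1637600997-1.el8.noarch' ->
    ('jenkins-2-plugins', ('0', '4.7.1637600997', '1.el8'), 'noarch')."""
    rest, arch = nevra.rsplit(".", 1)
    name_epoch, ver_rel = rest.split(":", 1)
    name, epoch = name_epoch.rsplit("-", 1)
    version, release = ver_rel.rsplit("-", 1)
    return name, (epoch, version, release), arch


def evr_cmp(x, y) -> int:
    """Compare (epoch, version, release) tuples the way rpm's labelCompare does."""
    for p, q in zip(x, y):
        rc = rpmvercmp(p, q)
        if rc:
            return rc
    return 0


def _matching_evrs(product_ids, product_ref: str, name: str, arch: str):
    """Yield the EVR of every listed build of this component for this product."""
    for pid in product_ids:
        ref, _, component = pid.partition(":")
        if ref != product_ref:
            continue
        c_name, c_evr, c_arch = split_nevra(component)
        if (c_name, c_arch) == (name, arch):
            yield c_evr


def evaluate(doc: dict, product_ref: str, installed: str, cve: str) -> str:
    """Classify one installed NEVRA against one CVE's product_status:
    'known_not_affected', 'fixed' (installed >= first fixed build),
    'vulnerable' (older than the fixed build) or 'not_listed'."""
    status = next(v for v in doc["vulnerabilities"] if v["cve"] == cve)["product_status"]
    name, evr, arch = split_nevra(installed)
    if any(True for _ in _matching_evrs(status.get("known_not_affected", []), product_ref, name, arch)):
        return "known_not_affected"
    for fixed_evr in _matching_evrs(status.get("fixed", []), product_ref, name, arch):
        return "fixed" if evr_cmp(evr, fixed_evr) >= 0 else "vulnerable"
    return "not_listed"
```

Two caveats when reading the result against this record. The CSAF product IDs are exact shipped builds, so a later rebuild (a higher release such as `-2.el8`) is correctly reported as fixed only because the comparison is numeric rather than an exact-string match. And the record's own "CVSS score applicability" note applies: the CVSS 3.1 vector above scores 7.5 (High), while Red Hat rates this CVE's impact Moderate and the RHSA-2021:4833 advisory as a whole Important because of the other Jenkins CVEs it carries, so drive prioritisation from the product-level rating and the score together, not the score alone.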
rhsa-2021_4833
Vulnerability from csaf_redhat
Published
2021-11-29 10:40
Modified
2024-11-06 00:11
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.9.9 security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.9.9 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.9. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2021:4834
Security Fix(es):
* jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key (CVE-2021-21698)
* jenkins: FilePath#mkdirs does not check permission to create parent directories (CVE-2021-21685)
* jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories (CVE-2021-21686)
* jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link (CVE-2021-21687)
* jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access (CVE-2021-21688)
* jenkins: FilePath#unzip and FilePath#untar were not subject to any access control (CVE-2021-21689)
* jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path (CVE-2021-21690)
* jenkins: Creating symbolic links is possible without the symlink permission (CVE-2021-21691)
* jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path (CVE-2021-21692)
* jenkins: When creating temporary files, permission to create files is only checked after they’ve been created. (CVE-2021-21693)
* jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions (CVE-2021-21694)
* jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links. (CVE-2021-21695)
* jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin (CVE-2021-21696)
* jenkins: Agent-to-controller access control allows reading/writing most content of build directories (CVE-2021-21697)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
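Most of the list above is one bug class seen from different angles: an agent asks the controller to touch a file, and the controller's check on the requested path is either missing (CVE-2021-21698, where the key-file name is not restricted at all) or lexical rather than canonical (CVE-2021-21686 and CVE-2021-21695, where a symlink inside an allowed directory leads outside it). The following is an added example, not Jenkins or Subversion Plugin code, written in Python so it runs stand-alone even though Jenkins is Java; the mechanics it shows are the same in any language. It builds a throwaway controller layout (constructed sample data, with hypothetical names such as `subversion-keys` and `planted-link`) and runs three lookups against it: an unrestricted join, a lexical prefix check, and a hardened version that accepts only a plain file name and checks containment after resolving symlinks on both sides.

```python
import os
import tempfile
from pathlib import Path


def lookup_unrestricted(key_dir: str, name: str) -> str:
    """Constructed vulnerable lookup (the CVE-2021-21698 bug class): the
    agent-supplied name is joined onto the controller's key directory with no
    restriction, so "../x" or an absolute path escapes key_dir."""
    return os.path.join(key_dir, name)


def lookup_prefix_checked(key_dir: str, name: str) -> str:
    """Constructed weak filter (the CVE-2021-21686 / CVE-2021-21695 bug class):
    a lexical prefix check stops "../" and absolute names, but the path is
    never canonicalised, so a symlink inside key_dir that points outside
    passes the check and is followed when the file is read."""
    base = os.path.normpath(key_dir)
    candidate = os.path.normpath(os.path.join(base, name))
    if not candidate.startswith(base + os.sep):
        raise PermissionError(f"refused {name!r}: leaves {base}")
    return candidate


def lookup_hardened(key_dir: str, name: str) -> str:
    """Hardened lookup: accept only a plain file name, resolve symlinks on both
    the directory and the target, and require containment of the real path."""
    if name in ("", ".", "..") or name != os.path.basename(name):
        raise PermissionError(f"refused {name!r}: not a plain file name")
    real_base = Path(key_dir).resolve(strict=True)
    real_target = (real_base / name).resolve(strict=True)
    if real_base not in real_target.parents:
        raise PermissionError(f"refused {name!r}: resolves outside {real_base}")
    return str(real_target)


def _read_via(lookup, key_dir: str, name: str) -> str:
    """Return the content the lookup hands back, or "refused" if it rejects."""
    try:
        return Path(lookup(key_dir, name)).read_text()
    except PermissionError:
        return "refused"


def demo() -> dict:
    """Build the constructed controller layout and exercise all three lookups
    with a legitimate name, a traversal name, an absolute path and a symlink
    planted inside the key directory."""
    with tempfile.TemporaryDirectory() as tmp:
        key_dir = os.path.join(tmp, "subversion-keys")   # hypothetical key dir
        os.mkdir(key_dir)
        secret = os.path.join(tmp, "controller-secret.txt")
        Path(secret).write_text("controller-secret")
        Path(key_dir, "svn.key").write_text("svn-key")
        os.symlink(secret, os.path.join(key_dir, "planted-link"))

        return {
            "unrestricted_traversal": _read_via(lookup_unrestricted, key_dir, "../controller-secret.txt"),
            "unrestricted_absolute": _read_via(lookup_unrestricted, key_dir, secret),
            "prefix_traversal": _read_via(lookup_prefix_checked, key_dir, "../controller-secret.txt"),
            "prefix_symlink": _read_via(lookup_prefix_checked, key_dir, "planted-link"),
            "hardened_legit": _read_via(lookup_hardened, key_dir, "svn.key"),
            "hardened_traversal": _read_via(lookup_hardened, key_dir, "../controller-secret.txt"),
            "hardened_symlink": _read_via(lookup_hardened, key_dir, "planted-link"),
        }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:24} -> {outcome}")
```

The prefix-checked variant is the instructive one: it rejects the traversal name yet still returns the secret through the planted link, which is exactly why a filter that compares the requested string instead of the resolved path is not a boundary. Even the hardened version only checks a snapshot; a link swapped in between `resolve()` and the read still wins the race, so where the platform allows it, open with `O_NOFOLLOW` or a beneath-only resolution mode rather than relying on a check-then-open sequence.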
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.9.9 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.9. 
See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHSA-2021:4834\n\nSecurity Fix(es):\n\n* jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key (CVE-2021-21698)\n* jenkins: FilePath#mkdirs does not check permission to create parent directories (CVE-2021-21685)\n* jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories (CVE-2021-21686)\n* jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link (CVE-2021-21687)\n* jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access (CVE-2021-21688)\n* jenkins: FilePath#unzip and FilePath#untar were not subject to any access control (CVE-2021-21689)\n* jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path (CVE-2021-21690)\n* jenkins: Creating symbolic links is possible without the symlink permission (CVE-2021-21691)\n* jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path (CVE-2021-21692)\n* jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created. (CVE-2021-21693)\n* jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions (CVE-2021-21694)\n* jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links. 
(CVE-2021-21695)\n* jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin (CVE-2021-21696)\n* jenkins: Agent-to-controller access control allows reading/writing most content of build directories (CVE-2021-21697)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:4833", "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2020322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020322" }, { "category": "external", "summary": "2020323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020323" }, { "category": "external", "summary": "2020324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020324" }, { "category": "external", "summary": "2020327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020327" }, { "category": 
"external", "summary": "2020335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020335" }, { "category": "external", "summary": "2020336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020336" }, { "category": "external", "summary": "2020338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020338" }, { "category": "external", "summary": "2020339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020339" }, { "category": "external", "summary": "2020341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020341" }, { "category": "external", "summary": "2020342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020342" }, { "category": "external", "summary": "2020343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020343" }, { "category": "external", "summary": "2020344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020344" }, { "category": "external", "summary": "2020345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020345" }, { "category": "external", "summary": "2020385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020385" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4833.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.9.9 security update", "tracking": { "current_release_date": "2024-11-06T00:11:48+00:00", "generator": { "date": "2024-11-06T00:11:48+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:4833", "initial_release_date": "2021-11-29T10:40:21+00:00", "revision_history": [ { "date": "2021-11-29T10:40:21+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-11-29T10:40:21+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T00:11:48+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": 
[ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.9", "product": { "name": "Red Hat OpenShift Container Platform 4.9", "product_id": "7Server-RH7-RHOSE-4.9", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.9::el7" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.9", "product": { "name": "Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.9::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "product": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "product_id": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.22.1-4.rhaos4.9.gite3dfe61.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "product": { "name": "openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "product_id": "openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7?arch=src" } } }, { "category": "product_version", "name": "container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "product": { "name": "container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "product_id": "container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/container-selinux@2.170.0-2.rhaos4.9.el8?arch=src\u0026epoch=2" } } }, { "category": "product_version", "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "product": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "product_id": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "product_identification_helper": { 
"purl": "pkg:rpm/redhat/cri-o@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-0:2.303.3.1637595827-1.el8.src", "product": { "name": "jenkins-0:2.303.3.1637595827-1.el8.src", "product_id": "jenkins-0:2.303.3.1637595827-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.303.3.1637595827-1.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "product_id": "jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.9.1637598812-1.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "product": { "name": "openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "product_id": "openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr@4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8?arch=src" } } }, { "category": "product_version", "name": "python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "product": { "name": "python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "product_id": "python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/python-sushy@3.12.1-0.20211122142104.806622c.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "product": { "name": "openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "product_id": "openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8?arch=src" } } } ], "category": 
"architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "product": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "product_id": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.22.1-4.rhaos4.9.gite3dfe61.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "product": { "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "product_id": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.22.1-4.rhaos4.9.gite3dfe61.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "product": { "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "product_id": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "product": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "product_id": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "product": { "name": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "product_id": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=x86_64" } } }, 
{ "category": "product_version", "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "product": { "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "product_id": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "product": { "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "product_id": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "product": { "name": "container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "product_id": "container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/container-selinux@2.170.0-2.rhaos4.9.el8?arch=noarch\u0026epoch=2" } } }, { "category": "product_version", "name": "jenkins-0:2.303.3.1637595827-1.el8.noarch", "product": { "name": "jenkins-0:2.303.3.1637595827-1.el8.noarch", "product_id": "jenkins-0:2.303.3.1637595827-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.303.3.1637595827-1.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.9.1637598812-1.el8?arch=noarch" } } }, { "category": "product_version", 
"name": "openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "product": { "name": "openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "product_id": "openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-cni@4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "product": { "name": "openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "product_id": "openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-common@4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "product": { "name": "openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "product_id": "openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-controller@4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "product": { "name": "python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "product_id": "python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-kuryr-kubernetes@4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": 
"python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "product": { "name": "python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "product_id": "python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-sushy@3.12.1-0.20211122142104.806622c.el8?arch=noarch" } } }, { "category": "product_version", "name": "python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch", "product": { "name": "python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch", "product_id": "python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-sushy-tests@3.12.1-0.20211122142104.806622c.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "product": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "product_id": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=aarch64" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "product": { "name": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "product_id": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=aarch64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "product": { "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "product_id": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=aarch64" } } }, { "category": 
"product_version", "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "product": { "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "product_id": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "product": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "product_id": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "product": { "name": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "product_id": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "product": { "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "product_id": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "product": { "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "product_id": 
"openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "product": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "product_id": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "product": { "name": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "product_id": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "product": { "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "product_id": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.22.1-4.rhaos4.9.gite3dfe61.el8?arch=s390x" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "product": { "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "product_id": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], 
"relationships": [ { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src" }, "product_reference": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64" }, "product_reference": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src" }, "product_reference": "openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.9", "product_id": 
"7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64" }, "product_reference": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch" }, "product_reference": "container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-selinux-2:2.170.0-2.rhaos4.9.el8.src as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src" }, "product_reference": "container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64" }, "product_reference": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le" }, "product_reference": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x as a component of Red Hat OpenShift Container Platform 
4.9", "product_id": "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x" }, "product_reference": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src" }, "product_reference": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64" }, "product_reference": "cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64" }, "product_reference": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le" }, "product_reference": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x as a component of Red Hat OpenShift Container Platform 
4.9", "product_id": "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x" }, "product_reference": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64" }, "product_reference": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le" }, "product_reference": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x" }, "product_reference": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": 
"cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64" }, "product_reference": "cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.303.3.1637595827-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch" }, "product_reference": "jenkins-0:2.303.3.1637595827-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.303.3.1637595827-1.el8.src as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" }, "product_reference": "jenkins-0:2.303.3.1637595827-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.9.1637598812-1.el8.src as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src as a component 
of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src" }, "product_reference": "openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64" }, "product_reference": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le" }, "product_reference": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x" }, "product_reference": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.9", "product_id": 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64" }, "product_reference": "openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src" }, "product_reference": "openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch" }, "product_reference": "openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch" }, "product_reference": "openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.9", "product_id": 
"8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch" }, "product_reference": "openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src" }, "product_reference": "python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch" }, "product_reference": "python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch" }, "product_reference": "python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" }, "product_reference": "python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch", 
"relates_to_product_reference": "8Base-RHOSE-4.9" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-21685", "cwe": { "id": "CWE-281", "name": "Improper Preservation of Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", 
"8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020322" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
The FilePath#mkdirs does not check permission to create parent directories, which may allow an attacker who controls the agent process to get read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#mkdirs does not check permission to create parent directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", 
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21685" }, { "category": "external", "summary": "RHBZ#2020322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020322" }, 
{ "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21685", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21685" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21685", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21685" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#mkdirs does not check permission to create parent directories" }, { "cve": "CVE-2021-21686", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "discovery_date": 
"2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020323" } ], "notes": [ { "category": "description", "text": "A link following vulnerability was found in Jenkins. The file path filters do not canonicalize paths allowing operations to follow symbolic links to directories they are not supposed to have access to. 
This may allow an attacker to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", 
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21686" }, { "category": "external", "summary": "RHBZ#2020323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020323" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2021-21686", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21686" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21686", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21686" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories" }, { "cve": "CVE-2021-21687", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link 
Following\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020324" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
The FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link, which may allow an attacker to get read and write access to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", 
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21687" }, { "category": "external", "summary": 
"RHBZ#2020324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21687", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21687" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link" }, { "cve": "CVE-2021-21688", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" 
}, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020327" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in Jenkins. The FilePath#reading(FileVisitor) does not reject any operations giving users unrestricted read access with certain operations (creating archives, #copyRecursiveTo). 
This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", 
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21688" }, { "category": "external", "summary": "RHBZ#2020327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020327" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2021-21688", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21688" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21688", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21688" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#reading(FileVisitor) does not reject any operations allowing users to have unrestricted read access" }, { "cve": "CVE-2021-21689", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", 
"flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020335" } ], "notes": [ { "category": "description", "text": "An incorrect access control vulnerability was found in Jenkins. The FilePath#unzip and FilePath#untar were not subjected to any access control. 
An attacker with access to FilePath#unzip or FilePath#untar operations is able to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#unzip and FilePath#untar were not subject to any access control", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", 
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21689" }, { "category": "external", "summary": "RHBZ#2020335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020335" }, 
{ "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21689", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21689" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21689", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21689" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#unzip and FilePath#untar were not subject to any access control" }, { "cve": "CVE-2021-21690", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": 
"2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020336" } ], "notes": [ { "category": "description", "text": "A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. 
This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", 
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21690" }, { "category": "external", "summary": "RHBZ#2020336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020336" }, 
{ "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21690", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21690" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21690", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21690" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path" }, { "cve": "CVE-2021-21691", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": 
"2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020338" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jenkins which failed to correctly validate permissions. This flaw allowed any user to create symbolic links regardless if they had the symlink permission. 
It may allow an attacker to read and write to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Creating symbolic links is possible without the symlink permission", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", 
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21691" }, { "category": "external", "summary": "RHBZ#2020338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020338" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2021-21691", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21691" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21691", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21691" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Creating symbolic links is possible without the symlink permission" }, { "cve": "CVE-2021-21692", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": 
"vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020339" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path which may allow an attacker who has access to these operations to be able to read and write to arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", 
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21692" }, { "category": "external", "summary": 
"RHBZ#2020339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020339" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21692", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21692" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21692" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path" }, { "cve": "CVE-2021-21693", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": 
"2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020341" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The permissions to create temporary files are only checked after they have been created. 
This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", 
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21693" }, { "category": "external", "summary": "RHBZ#2020341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020341" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2021-21693", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21693" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: When creating temporary files, permission to create files is only checked after they\u2019ve been created." 
}, { "cve": "CVE-2021-21694", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020342" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. 
The FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions, which may allow an attacker who has access to any of these operations to be able to read and write arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", 
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2021-21694" }, { "category": "external", "summary": "RHBZ#2020342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020342" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21694", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21694" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21694", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21694" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions" }, { "cve": "CVE-2021-21695", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted 
Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020343" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. The FilePath#listFiles lists files outside directories with agent read access when following symbolic links. 
This may allow an attacker to get access to restricted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", 
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21695" }, { "category": "external", "summary": "RHBZ#2020343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020343" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2021-21695", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21695" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links." 
}, { "cve": "CVE-2021-21696", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", 
"8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020344" } ], "notes": [ { "category": "description", "text": "An incorrect permissions validation vulnerability was found in Jenkins. An agent process read/write access to the libs/ directory inside build directories when using the FilePath APIs is not limited. 
This allows attackers in control of agent processes to replace the code of a trusted library with a modified variant, resulting in unsandboxed code execution in the Jenkins controller process.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", 
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21696" }, { "category": "external", "summary": 
"RHBZ#2020344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020344" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21696", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21696" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21696", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21696" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin" }, { "cve": "CVE-2021-21697", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory 
(\u0027Path Traversal\u0027)" }, "discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020345" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in Jenkins. The directories agents are allowed to access include the directories where there are stored build-related information intended to allow agents to store build-related metadata during build execution. 
As a consequence, this allows an attacker who controls agent process to read and write the contents of any build directory stored in Jenkins with very few restrictions (build.xml and some Pipeline-related metadata).", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Agent-to-controller access control allows reading/writing most content of build directories", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", 
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21697" }, { "category": "external", "summary": 
"RHBZ#2020345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020345" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21697", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21697" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21697", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21697" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. 
Please update the affected package as soon as possible.", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: Agent-to-controller access control allows reading/writing most content of build directories" }, { "cve": "CVE-2021-21698", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, 
"discovery_date": "2021-11-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", 
"8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2020385" } ], "notes": [ { "category": "description", "text": "An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent\u0027s ability to learn the name of a file is not restricted when looking up a subversion key file on the controller. 
This may allow attackers to control agent processes and read arbitrary files on the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.src", "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el7.x86_64", "7Server-RH7-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el7.x86_64", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.noarch", "8Base-RHOSE-4.9:container-selinux-2:2.170.0-2.rhaos4.9.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.src", "8Base-RHOSE-4.9:cri-o-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", 
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.aarch64", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.ppc64le", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.s390x", "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.1-4.rhaos4.9.gite3dfe61.el8.x86_64", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-0:2.303.3.1637595827-1.el8.src", "8Base-RHOSE-4.9:openshift-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.aarch64", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.s390x", "8Base-RHOSE-4.9:openshift-hyperkube-0:4.9.0-202111231108.p0.g4dd1b5a.assembly.stream.el8.x86_64", "8Base-RHOSE-4.9:openshift-kuryr-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.src", "8Base-RHOSE-4.9:openshift-kuryr-cni-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-common-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:openshift-kuryr-controller-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python-sushy-0:3.12.1-0.20211122142104.806622c.el8.src", "8Base-RHOSE-4.9:python3-kuryr-kubernetes-0:4.9.0-202111221622.p0.g473fd0c.assembly.stream.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-0:3.12.1-0.20211122142104.806622c.el8.noarch", "8Base-RHOSE-4.9:python3-sushy-tests-0:3.12.1-0.20211122142104.806622c.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21698" }, { "category": "external", "summary": "RHBZ#2020385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020385" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21698", 
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21698" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21698", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21698" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506" } ], "release_date": "2021-11-04T14:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-29T10:40:21+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4833" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1637598812-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key" } ] }
gsd-2021-21698
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.
Aliases
{ "GSD": { "alias": "CVE-2021-21698", "description": "Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.", "id": "GSD-2021-21698", "references": [ "https://access.redhat.com/errata/RHSA-2021:4833", "https://access.redhat.com/errata/RHSA-2021:4829", "https://access.redhat.com/errata/RHSA-2021:4827", "https://access.redhat.com/errata/RHSA-2021:4801", "https://access.redhat.com/errata/RHSA-2021:4799" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2021-21698" ], "details": "Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.", "id": "GSD-2021-21698", "modified": "2023-12-13T01:23:11.010744Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "jenkinsci-cert@googlegroups.com", "ID": "CVE-2021-21698", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Jenkins Subversion Plugin", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "unspecified", "version_value": "2.15.0" } ] } } ] }, "vendor_name": "Jenkins project" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506", "refsource": "MISC", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506" }, { "name": "http://www.openwall.com/lists/oss-security/2021/11/04/3", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "(,2.15.0]", "affected_versions": "All versions up to 2.15.0", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "cwe_ids": [ "CWE-1035", "CWE-22", "CWE-937" ], "date": "2021-11-08", "description": "Jenkins Subversion Plugin does not restrict the name of a file when looking up a subversion key file on the controller from an agent.", "fixed_versions": [], "identifier": "CVE-2021-21698", "identifiers": [ "CVE-2021-21698" ], "not_impacted": "", "package_slug": "maven/org.jenkins-ci.plugins/subversion", "pubdate": "2021-11-04", "solution": "Unfortunately, there is no solution available yet.", "title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-21698", "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506", "http://www.openwall.com/lists/oss-security/2021/11/04/3" ], "uuid": "ed4492ad-3d4f-44b6-9186-b6ad40a636c3" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:jenkins:subversion:*:*:*:*:*:jenkins:*:*", "cpe_name": [], "versionEndIncluding": "2.15.0", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "jenkinsci-cert@googlegroups.com", "ID": "CVE-2021-21698" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { 
"description_data": [ { "lang": "en", "value": "Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-22" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506" }, { "name": "[oss-security] 20211104 Multiple vulnerabilities in Jenkins and Jenkins plugins", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2023-11-22T21:22Z", "publishedDate": "2021-11-04T17:15Z" } } }
ghsa-q58j-fhj7-j6fg
Vulnerability from github
Published
2022-05-24 19:19
Modified
2022-12-16 22:58
Severity ?
Summary
Path traversal vulnerability in Jenkins Subversion Plugin allows reading arbitrary files
Details
Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.
This allows attackers able to control agent processes to read arbitrary files on the Jenkins controller file system.
Subversion Plugin 2.15.1 checks for the presence of and prohibits directory separator characters as part of the file name, restricting it to the intended directory.
{ "affected": [ { "database_specific": { "last_known_affected_version_range": "\u003c= 2.15.0" }, "package": { "ecosystem": "Maven", "name": "org.jenkins-ci.plugins:subversion" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.15.1" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2021-21698" ], "database_specific": { "cwe_ids": [ "CWE-22" ], "github_reviewed": true, "github_reviewed_at": "2022-12-16T22:58:21Z", "nvd_published_at": "2021-11-04T17:15:00Z", "severity": "MODERATE" }, "details": "Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.\n\nThis allows attackers able to control agent processes to read arbitrary files on the Jenkins controller file system.\n\nSubversion Plugin 2.15.1 checks for the presence of and prohibits directory separator characters as part of the file name, restricting it to the intended directory.", "id": "GHSA-q58j-fhj7-j6fg", "modified": "2022-12-16T22:58:21Z", "published": "2022-05-24T19:19:43Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21698" }, { "type": "WEB", "url": "https://github.com/jenkinsci/subversion-plugin/commit/7d1525edea6641a2febd3f7deeac55c0a89b0d7e" }, { "type": "PACKAGE", "url": "https://github.com/jenkinsci/subversion-plugin" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ], "summary": "Path traversal vulnerability in Jenkins Subversion Plugin allows reading arbitrary files" }