Action not permitted
Modal body text goes here.
cve-2021-3529
Vulnerability from cvelistv5
Published
2021-06-02 16:10
Modified
2024-08-03 17:01
Severity ?
EPSS score ?
Summary
A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is for confidentiality, availability, and integrity.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1950479 | Issue Tracking, Third Party Advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| n/a | noobaa-core |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950479"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "noobaa-core",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "noobaa 5.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application\u0027s response. The highest threat to the system is for confidentiality, availability, and integrity."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-02T16:10:51",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950479"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "noobaa-core",
"version": {
"version_data": [
{
"version_value": "noobaa 5.7.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application\u0027s response. The highest threat to the system is for confidentiality, availability, and integrity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1950479",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950479"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3529",
"datePublished": "2021-06-02T16:10:51",
"dateReserved": "2021-04-30T00:00:00",
"dateUpdated": "2024-08-03T17:01:07.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-3529\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-06-02T17:15:08.660\",\"lastModified\":\"2021-06-15T16:48:52.097\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application\u0027s response. The highest threat to the system is for confidentiality, availability, and integrity.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado un fallo en noobaa-core en versiones anteriores a 5.7.0. Este fallo resulta en el nombre de una URL arbitraria que se copia en un documento HTML como texto plano entre etiquetas, incluyendo potencialmente un script de carga \u00fatil. La entrada se repite sin modificar en la respuesta de la aplicaci\u00f3n, resultando que se inyecte JavaScript arbitrario en la respuesta de una aplicaci\u00f3n. La mayor amenaza para el sistema es para la confidencialidad, la disponibilidad y la integridad\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:noobaa-operator:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.7.0\",\"matchCriteriaId\":\"6184F51F-4187-4A72-9FF7-61B03CC5EF19\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"932D137F-528B-4526-9A89-CD59FA1AB0FE\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1950479\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]}]}}"
}
}
gsd-2021-3529
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is for confidentiality, availability, and integrity.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-3529",
"description": "A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application\u0027s response. The highest threat to the system is for confidentiality, availability, and integrity.",
"id": "GSD-2021-3529",
"references": [
"https://access.redhat.com/errata/RHBA-2021:3003"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-3529"
],
"details": "A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application\u0027s response. The highest threat to the system is for confidentiality, availability, and integrity.",
"id": "GSD-2021-3529",
"modified": "2023-12-13T01:23:35.032785Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "noobaa-core",
"version": {
"version_data": [
{
"version_value": "noobaa 5.7.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application\u0027s response. The highest threat to the system is for confidentiality, availability, and integrity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1950479",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950479"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:noobaa-operator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3529"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application\u0027s response. The highest threat to the system is for confidentiality, availability, and integrity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1950479",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950479"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
},
"lastModifiedDate": "2021-06-15T16:48Z",
"publishedDate": "2021-06-02T17:15Z"
}
}
}
rhba-2021_3003
Vulnerability from csaf_redhat
Published
2021-08-03 18:15
Modified
2024-11-13 22:07
Summary
Red Hat Bug Fix Advisory: Red Hat OpenShift Container Storage 4.8.0 container images bug fix and enhancement update
Notes
Topic
Updated images that include numerous bug fixes and enhancements are now available for Red Hat OpenShift Container Storage 4.8.0 on Red Hat Enterprise Linux 8.
Details
Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.
These updated images include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Container Storage Release Notes for information on the most significant of these changes:
https://access.redhat.com/documentation/en-us/red_hat_openshift_container_s
torage/4.8/html/4.8_release_notes/index
All Red Hat OpenShift Container Storage users are advised to upgrade to these updated images, which provide numerous bug fixes and enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images that include numerous bug fixes and enhancements are now available for Red Hat OpenShift Container Storage 4.8.0 on Red Hat Enterprise Linux 8.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.\n\nThese updated images include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Container Storage Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_container_s\ntorage/4.8/html/4.8_release_notes/index\n\nAll Red Hat OpenShift Container Storage users are advised to upgrade to these updated images, which provide numerous bug fixes and enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2021:3003",
"url": "https://access.redhat.com/errata/RHBA-2021:3003"
},
{
"category": "external",
"summary": "1819483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819483"
},
{
"category": "external",
"summary": "1848278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848278"
},
{
"category": "external",
"summary": "1918783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918783"
},
{
"category": "external",
"summary": "1923819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923819"
},
{
"category": "external",
"summary": "1924946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924946"
},
{
"category": "external",
"summary": "1924949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924949"
},
{
"category": "external",
"summary": "1929209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929209"
},
{
"category": "external",
"summary": "1934633",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934633"
},
{
"category": "external",
"summary": "1936388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936388"
},
{
"category": "external",
"summary": "1936858",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936858"
},
{
"category": "external",
"summary": "1937604",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937604"
},
{
"category": "external",
"summary": "1938112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1938112"
},
{
"category": "external",
"summary": "1939007",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939007"
},
{
"category": "external",
"summary": "1940312",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940312"
},
{
"category": "external",
"summary": "1943280",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943280"
},
{
"category": "external",
"summary": "1944158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944158"
},
{
"category": "external",
"summary": "1944410",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944410"
},
{
"category": "external",
"summary": "1946595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946595"
},
{
"category": "external",
"summary": "1947796",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947796"
},
{
"category": "external",
"summary": "1948378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948378"
},
{
"category": "external",
"summary": "1950225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950225"
},
{
"category": "external",
"summary": "1950419",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950419"
},
{
"category": "external",
"summary": "1952344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952344"
},
{
"category": "external",
"summary": "1953572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953572"
},
{
"category": "external",
"summary": "1955831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955831"
},
{
"category": "external",
"summary": "1956232",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956232"
},
{
"category": "external",
"summary": "1956256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956256"
},
{
"category": "external",
"summary": "1957712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957712"
},
{
"category": "external",
"summary": "1958373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958373"
},
{
"category": "external",
"summary": "1959257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959257"
},
{
"category": "external",
"summary": "1959964",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959964"
},
{
"category": "external",
"summary": "1961517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961517"
},
{
"category": "external",
"summary": "1961647",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961647"
},
{
"category": "external",
"summary": "1962109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962109"
},
{
"category": "external",
"summary": "1962207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962207"
},
{
"category": "external",
"summary": "1962278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962278"
},
{
"category": "external",
"summary": "1962751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962751"
},
{
"category": "external",
"summary": "1962755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962755"
},
{
"category": "external",
"summary": "1963134",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1963134"
},
{
"category": "external",
"summary": "1963191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1963191"
},
{
"category": "external",
"summary": "1964238",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964238"
},
{
"category": "external",
"summary": "1964373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964373"
},
{
"category": "external",
"summary": "1964467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964467"
},
{
"category": "external",
"summary": "1965290",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965290"
},
{
"category": "external",
"summary": "1966149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966149"
},
{
"category": "external",
"summary": "1966661",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966661"
},
{
"category": "external",
"summary": "1966999",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966999"
},
{
"category": "external",
"summary": "1967628",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967628"
},
{
"category": "external",
"summary": "1967837",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967837"
},
{
"category": "external",
"summary": "1967877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967877"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhba-2021_3003.json"
}
],
"title": "Red Hat Bug Fix Advisory: Red Hat OpenShift Container Storage 4.8.0 container images bug fix and enhancement update",
"tracking": {
"current_release_date": "2024-11-13T22:07:35+00:00",
"generator": {
"date": "2024-11-13T22:07:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHBA-2021:3003",
"initial_release_date": "2021-08-03T18:15:00+00:00",
"revision_history": [
{
"date": "2021-08-03T18:15:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-08-03T18:15:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-13T22:07:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product": {
"name": "Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_container_storage:4.8::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Container Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"product": {
"name": "ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"product_id": "ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/cephcsi-rhel8\u0026tag=4.8-125.01872cc.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"product": {
"name": "ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"product_id": "ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/mcg-core-rhel8\u0026tag=5.8.0-38.e060925.5.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"product": {
"name": "ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"product_id": "ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/mcg-rhel8-operator\u0026tag=5.8.0-27.4a6ca5f.5.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"product": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"product_id": "ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/ocs-must-gather-rhel8\u0026tag=4.8-196.a35d7d7.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"product": {
"name": "ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"product_id": "ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/ocs-operator-bundle\u0026tag=4.8.0-5"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"product": {
"name": "ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"product_id": "ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/ocs-rhel8-operator\u0026tag=4.8-196.a35d7d7.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"product": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"product_id": "ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/rook-ceph-rhel8-operator\u0026tag=4.8-167.9a9db5f.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"product": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"product_id": "ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/volume-replication-rhel8-operator\u0026tag=4.8-20.ab575a2.release_v0.1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"product": {
"name": "ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"product_id": "ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/cephcsi-rhel8\u0026tag=4.8-125.01872cc.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"product": {
"name": "ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"product_id": "ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/mcg-core-rhel8\u0026tag=5.8.0-38.e060925.5.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"product": {
"name": "ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"product_id": "ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/mcg-rhel8-operator\u0026tag=5.8.0-27.4a6ca5f.5.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"product": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"product_id": "ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/ocs-must-gather-rhel8\u0026tag=4.8-196.a35d7d7.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"product": {
"name": "ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"product_id": "ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/ocs-operator-bundle\u0026tag=4.8.0-5"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"product": {
"name": "ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"product_id": "ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/ocs-rhel8-operator\u0026tag=4.8-196.a35d7d7.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"product": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"product_id": "ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/rook-ceph-rhel8-operator\u0026tag=4.8-167.9a9db5f.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"product": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"product_id": "ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/volume-replication-rhel8-operator\u0026tag=4.8-20.ab575a2.release_v0.1"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"product": {
"name": "ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"product_id": "ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/cephcsi-rhel8\u0026tag=4.8-125.01872cc.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"product": {
"name": "ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"product_id": "ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/mcg-core-rhel8\u0026tag=5.8.0-38.e060925.5.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"product": {
"name": "ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"product_id": "ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/mcg-rhel8-operator\u0026tag=5.8.0-27.4a6ca5f.5.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"product": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"product_id": "ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/ocs-must-gather-rhel8\u0026tag=4.8-196.a35d7d7.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"product": {
"name": "ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"product_id": "ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/ocs-operator-bundle\u0026tag=4.8.0-5"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"product": {
"name": "ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"product_id": "ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/ocs-rhel8-operator\u0026tag=4.8-196.a35d7d7.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"product": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"product_id": "ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/rook-ceph-rhel8-operator\u0026tag=4.8-167.9a9db5f.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le",
"product": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le",
"product_id": "ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/volume-replication-rhel8-operator\u0026tag=4.8-20.ab575a2.release_v0.1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64"
},
"product_reference": "ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x"
},
"product_reference": "ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le"
},
"product_reference": "ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x"
},
"product_reference": "ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64"
},
"product_reference": "ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le"
},
"product_reference": "ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64"
},
"product_reference": "ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x"
},
"product_reference": "ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le"
},
"product_reference": "ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64"
},
"product_reference": "ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le"
},
"product_reference": "ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x"
},
"product_reference": "ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x"
},
"product_reference": "ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le"
},
"product_reference": "ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64"
},
"product_reference": "ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64"
},
"product_reference": "ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le"
},
"product_reference": "ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x"
},
"product_reference": "ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64"
},
"product_reference": "ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x"
},
"product_reference": "ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le"
},
"product_reference": "ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64"
},
"product_reference": "ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x"
},
"product_reference": "ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
},
"product_reference": "ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Kubernetes Product Security Committee"
]
},
{
"names": [
"Patrick Rhomberg"
],
"organization": "purelyapplied",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-8565",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2020-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1886638"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in kubernetes. In Kubernetes, if the logging level is to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like `kubectl`. Previously, CVE-2019-11250 was assigned for the same issue for logging levels of at least 4.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel \u003e= 9",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform 4 does not support LogLevels higher than 8 (via \u0027TraceAll\u0027), and is therefore not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8565"
},
{
"category": "external",
"summary": "RHBZ#1886638",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886638"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8565"
},
{
"category": "external",
"summary": "https://github.com/kubernetes/kubernetes/issues/95623",
"url": "https://github.com/kubernetes/kubernetes/issues/95623"
},
{
"category": "external",
"summary": "https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk",
"url": "https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk"
}
],
"release_date": "2020-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-03T18:15:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:3003"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel \u003e= 9"
},
{
"cve": "CVE-2021-3529",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2021-04-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1950479"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in noobaa-core. This flaw results in the name of an arbitrary URL copied into an HTML document as plain text between tags, including a potential payload script. The input is echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application\u0027s response. The highest threat to the system is to confidentiality, integrity, as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "noobaa-core: Cross-site scripting vulnerability with noobaa management URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3529"
},
{
"category": "external",
"summary": "RHBZ#1950479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950479"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3529",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3529"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3529",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3529"
}
],
"release_date": "2021-04-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-03T18:15:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:3003"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "noobaa-core: Cross-site scripting vulnerability with noobaa management URL"
},
{
"cve": "CVE-2021-27918",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2021-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1937901"
}
],
"notes": [
{
"category": "description",
"text": "An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with `xml.NewTokenDecoder` it is possible for the parsing loop to never return. An attacker could potentially craft a malicious XML document which has an XML element with `EOF` within it, causing the parsing application to endlessly loop, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM), Red Hat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization all bundle vulnerable versions of the golang standard library (stdlib). However, no component within each product utilizes the function xml.NewTokenDecoder which is a requirement to be vulnerable. Hence, all affected components are marked as \"Will not fix\". Additionally no OCP container has been listed, as nearly all available containers are compiled with an affected version of Go, but do not utilize the function xml.NewTokenDecoder.\n\nRed Hat Ceph Storage (RHCS), Red Hat Gluster Storage 3 and OpenShift Container Storage 4 also bundles a vulnerable version of golang standard library \u0027encoding/xml\u0027, but does not utilize the function xml.NewTokenDecoder, and hence this issue has been rated as having a security impact of Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-27918"
},
{
"category": "external",
"summary": "RHBZ#1937901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-27918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw",
"url": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw"
}
],
"release_date": "2021-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-03T18:15:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:3003"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader"
}
]
}
ghsa-cr32-cm8v-9pww
Vulnerability from github
Published
2022-05-24 19:03
Modified
2022-05-24 19:03
Details
A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is for confidentiality, availability, and integrity.
{
"affected": [],
"aliases": [
"CVE-2021-3529"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-02T17:15:00Z",
"severity": "CRITICAL"
},
"details": "A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application\u0027s response. The highest threat to the system is for confidentiality, availability, and integrity.",
"id": "GHSA-cr32-cm8v-9pww",
"modified": "2022-05-24T19:03:51Z",
"published": "2022-05-24T19:03:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3529"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950479"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.