Action not permitted
Modal body text goes here.
cve-2022-0552
Vulnerability from cvelistv5
Published
2022-04-11 19:38
Modified
2024-08-02 23:32
Severity ?
EPSS score ?
Summary
A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2021-21409 | Vendor Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2052539 | Issue Tracking, Vendor Advisory | |
secalert@redhat.com | https://github.com/openshift/origin-aggregated-logging/commit/d6b72d6c32e7c06b65324294d10406546734004d | Patch, Third Party Advisory |
Impacted products
▼ | Vendor | Product |
---|---|---|
n/a | origin-aggregated-logging/elasticsearch |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:32:46.206Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2021-21409" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/openshift/origin-aggregated-logging/commit/d6b72d6c32e7c06b65324294d10406546734004d" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "origin-aggregated-logging/elasticsearch", "vendor": "n/a", "versions": [ { "status": "affected", "version": "origin-aggregated-logging versions 3.11" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-444", "description": "CWE-444", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-11T19:38:32", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/CVE-2021-21409" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/openshift/origin-aggregated-logging/commit/d6b72d6c32e7c06b65324294d10406546734004d" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-0552", "datePublished": "2022-04-11T19:38:32", "dateReserved": "2022-02-09T00:00:00", "dateUpdated": "2024-08-02T23:32:46.206Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-0552\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-04-11T20:15:16.493\",\"lastModified\":\"2023-02-12T22:15:20.927\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado un fallo en la correcci\u00f3n original de netty-codec-http CVE-2021-21409, donde el contenedor OpenShift Logging openshift-logging/elasticsearch6-rhel8 estaba incompleto. El paquete maven vulnerable netty-codec-http no fue eliminado del contenido de la imagen. Este fallo afecta a origin-aggregated-logging versiones 3.11\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:origin-aggregated-logging:3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F9162FF-D9D7-4658-853E-8AB0605CC632\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/CVE-2021-21409\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2052539\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/openshift/origin-aggregated-logging/commit/d6b72d6c32e7c06b65324294d10406546734004d\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}" } }
rhsa-2022_0728
Vulnerability from csaf_redhat
Published
2022-03-02 12:49
Modified
2024-11-15 07:36
Summary
Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.2.8)
Notes
Topic
OpenShift Logging bug fix and security update (5.2.8)
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Logging bug fix and security update (5.2.8)
Security Fix(es):
* jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)
* origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409 (CVE-2022-0552)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "OpenShift Logging bug fix and security update (5.2.8)\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "OpenShift Logging bug fix and security update (5.2.8)\n\nSecurity Fix(es):\n\n* jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)\n\n* origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409 (CVE-2022-0552)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0728", "url": "https://access.redhat.com/errata/RHSA-2022:0728" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1930423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930423" }, { "category": "external", "summary": "2052539", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539" }, { "category": "external", "summary": "LOG-2180", "url": "https://issues.redhat.com/browse/LOG-2180" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0728.json" } ], "title": "Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.2.8)", "tracking": { "current_release_date": "2024-11-15T07:36:30+00:00", "generator": { "date": "2024-11-15T07:36:30+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:0728", "initial_release_date": "2022-03-02T12:49:18+00:00", "revision_history": [ { "date": "2022-03-02T12:49:18+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-03-02T12:49:18+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T07:36:30+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Logging 5.2", "product": { "name": "OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:logging:5.2::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185_s390x", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185_s390x", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185_s390x", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.2.8-4" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480_s390x", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480_s390x", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.2.8-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281_s390x", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281_s390x", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-131" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692_s390x", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692_s390x", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692_s390x", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-95" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609_s390x", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609_s390x", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609_s390x", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-89" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-124" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4_s390x", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4_s390x", "product_id": "openshift-logging/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4_s390x", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-126" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f_s390x", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f_s390x", "product_id": "openshift-logging/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f_s390x", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-126" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703_s390x", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703_s390x", "product_id": "openshift-logging/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703_s390x", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-143" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c_amd64", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c_amd64", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.2.8-4" } } }, { "category": "product_version", "name": "openshift-logging/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f_amd64", "product": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f_amd64", "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.2.8-21" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3_amd64", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3_amd64", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.2.8-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520_amd64", "product": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520_amd64", "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.2.8-21" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167_amd64", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167_amd64", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-131" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064_amd64", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064_amd64", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064_amd64", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-95" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d_amd64", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d_amd64", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d_amd64", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-89" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-124" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672_amd64", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672_amd64", "product_id": "openshift-logging/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672_amd64", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-126" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1_amd64", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1_amd64", "product_id": "openshift-logging/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1_amd64", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-126" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb_amd64", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb_amd64", "product_id": "openshift-logging/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb_amd64", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-143" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce_ppc64le", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce_ppc64le", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce_ppc64le", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.2.8-4" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6_ppc64le", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6_ppc64le", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.2.8-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167_ppc64le", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167_ppc64le", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-131" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b_ppc64le", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b_ppc64le", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-95" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4_ppc64le", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4_ppc64le", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4_ppc64le", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-89" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-124" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9_ppc64le", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9_ppc64le", "product_id": "openshift-logging/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-126" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c_ppc64le", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c_ppc64le", "product_id": "openshift-logging/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-126" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300_ppc64le", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300_ppc64le", "product_id": "openshift-logging/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-143" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f_amd64 as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f_amd64" }, "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185_s390x as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185_s390x" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce_ppc64le as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce_ppc64le" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c_amd64 as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c_amd64" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520_amd64 as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520_amd64" }, "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281_s390x as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281_s390x" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167_ppc64le as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167_amd64 as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167_amd64" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480_s390x as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480_s390x" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6_ppc64le as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3_amd64 as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3_amd64" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64 as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4_s390x as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4_s390x" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9_ppc64le as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9_ppc64le" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672_amd64 as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672_amd64" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f_s390x as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f_s390x" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1_amd64 as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1_amd64" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c_ppc64le as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c_ppc64le" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300_ppc64le as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300_ppc64le" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb_amd64 as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb_amd64" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703_s390x as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703_s390x" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064_amd64 as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064_amd64" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b_ppc64le as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b_ppc64le" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692_s390x as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692_s390x" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4_ppc64le as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4_ppc64le" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d_amd64 as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d_amd64" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609_s390x as a component of OpenShift Logging 5.2", "product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609_s390x" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-28491", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-02-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1930423" } ], "notes": [ { "category": "description", "text": "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jackson-dataformat-cbor.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nIn OCP 4.6 the openshift4/ose-logging-elasticsearch6 container delivers the vulnerable version of jackson-dataformat-cbor, but OCP 4.6 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support, hence this component is marked as ooss. Since the release of OCP 4.7 this component is delivered as part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8 container).\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-28491" }, { "category": "external", "summary": "RHBZ#1930423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930423" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28491", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28491" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28491", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28491" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329", "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329" } ], "release_date": "2021-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-03-02T12:49:18+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0728" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception" }, { "cve": "CVE-2022-0552", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-02-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2052539" } ], "notes": [ { "category": "description", "text": "A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content.", "title": "Vulnerability description" }, { "category": "summary", "text": "origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE only applies to the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container image, shipped in OpenShift Logging 5.1, 5.2. and 5.3.\nhttps://access.redhat.com/errata/RHSA-2021:5128\nhttps://access.redhat.com/errata/RHSA-2021:5127\nhttps://access.redhat.com/errata/RHSA-2021:5129", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0552" }, { "category": "external", "summary": "RHBZ#2052539", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0552", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0552" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0552", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0552" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2021-21409", "url": "https://access.redhat.com/security/cve/CVE-2021-21409" } ], "release_date": "2022-02-28T10:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-03-02T12:49:18+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0728" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409" } ] }
rhsa-2022_0727
Vulnerability from csaf_redhat
Published
2022-03-01 18:15
Modified
2024-11-15 07:36
Summary
Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.1.9)
Notes
Topic
OpenShift Logging bug fix and security update (5.1.9)
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Logging bug fix and security update (5.1.9)
Security Fix(es):
* jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)
* origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409 (CVE-2022-0552)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "OpenShift Logging bug fix and security update (5.1.9)\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "OpenShift Logging bug fix and security update (5.1.9)\n\nSecurity Fix(es):\n\n* jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)\n\n* origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409 (CVE-2022-0552)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0727", "url": "https://access.redhat.com/errata/RHSA-2022:0727" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1930423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930423" }, { "category": "external", "summary": "2052539", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539" }, { "category": "external", "summary": "LOG-2181", "url": "https://issues.redhat.com/browse/LOG-2181" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0727.json" } ], "title": "Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.1.9)", "tracking": { "current_release_date": "2024-11-15T07:36:22+00:00", "generator": { "date": "2024-11-15T07:36:22+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:0727", "initial_release_date": "2022-03-01T18:15:33+00:00", "revision_history": [ { "date": "2022-03-01T18:15:33+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-03-01T18:15:33+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T07:36:22+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Logging 5.1", "product": { "name": "OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:logging:5.1::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.1.9-5" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.1.9-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-125" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-120" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x", "product_id": "openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-120" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x", "product_id": "openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-123" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x", "product_id": "openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-139" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.1.9-5" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.1.9-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-125" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-120" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le", "product_id": "openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-120" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le", "product_id": "openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-123" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le", "product_id": "openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-139" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.1.9-5" } } }, { "category": "product_version", "name": "openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64", "product": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64", "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.1.9-21" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.1.9-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64", "product": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64", "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.1.9-22" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-125" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-120" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64", "product_id": "openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-120" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64", "product_id": "openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-123" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64", "product_id": "openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-139" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64" }, "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64" }, "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-28491", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-02-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1930423" } ], "notes": [ { "category": "description", "text": "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jackson-dataformat-cbor.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nIn OCP 4.6 the openshift4/ose-logging-elasticsearch6 container delivers the vulnerable version of jackson-dataformat-cbor, but OCP 4.6 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support, hence this component is marked as ooss. Since the release of OCP 4.7 this component is delivered as part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8 container).\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-28491" }, { "category": "external", "summary": "RHBZ#1930423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930423" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28491", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28491" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28491", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28491" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329", "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329" } ], "release_date": "2021-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-03-01T18:15:33+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0727" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception" }, { "cve": "CVE-2022-0552", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-02-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2052539" } ], "notes": [ { "category": "description", "text": "A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content.", "title": "Vulnerability description" }, { "category": "summary", "text": "origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE only applies to the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container image, shipped in OpenShift Logging 5.1, 5.2. and 5.3.\nhttps://access.redhat.com/errata/RHSA-2021:5128\nhttps://access.redhat.com/errata/RHSA-2021:5127\nhttps://access.redhat.com/errata/RHSA-2021:5129", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0552" }, { "category": "external", "summary": "RHBZ#2052539", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0552", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0552" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0552", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0552" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2021-21409", "url": "https://access.redhat.com/security/cve/CVE-2021-21409" } ], "release_date": "2022-02-28T10:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-03-01T18:15:33+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0727" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409" } ] }
rhsa-2022_0721
Vulnerability from csaf_redhat
Published
2022-03-01 14:05
Modified
2024-11-15 07:36
Summary
Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.3.5)
Notes
Topic
OpenShift Logging bug fix and security update (5.3.5)
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Logging bug fix and security update (5.3.5)
Security Fix(es):
* jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)
* origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409 (CVE-2022-0552)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "OpenShift Logging bug fix and security update (5.3.5)\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "OpenShift Logging bug fix and security update (5.3.5)\n\nSecurity Fix(es):\n\n* jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)\n\n* origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409 (CVE-2022-0552)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0721", "url": "https://access.redhat.com/errata/RHSA-2022:0721" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1930423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930423" }, { "category": "external", "summary": "2052539", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539" }, { "category": "external", "summary": "LOG-2182", "url": "https://issues.redhat.com/browse/LOG-2182" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0721.json" } ], "title": "Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.3.5)", "tracking": { "current_release_date": "2024-11-15T07:36:14+00:00", "generator": { "date": "2024-11-15T07:36:14+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:0721", "initial_release_date": "2022-03-01T14:05:10+00:00", "revision_history": [ { "date": "2022-03-01T14:05:10+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-03-01T14:05:10+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T07:36:14+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Logging 5.3", "product": { "name": "OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:logging:5.3::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:467401c3ee624cd2865a1fb452a61eff279db33210d257d7b1a40ac2bd1bf673_s390x", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:467401c3ee624cd2865a1fb452a61eff279db33210d257d7b1a40ac2bd1bf673_s390x", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:467401c3ee624cd2865a1fb452a61eff279db33210d257d7b1a40ac2bd1bf673_s390x", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:467401c3ee624cd2865a1fb452a61eff279db33210d257d7b1a40ac2bd1bf673?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.3.5-4" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ec92e6a2f50b449c4d3be9f18be755d27472dc78507dba507b94ab6e99e1ffbe_s390x", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ec92e6a2f50b449c4d3be9f18be755d27472dc78507dba507b94ab6e99e1ffbe_s390x", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:ec92e6a2f50b449c4d3be9f18be755d27472dc78507dba507b94ab6e99e1ffbe_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:ec92e6a2f50b449c4d3be9f18be755d27472dc78507dba507b94ab6e99e1ffbe?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.3.5-4" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:094d032c064e9070a854b22cbb17b6c6ee2a13d79d7fb2ea280d9317bea9c127_s390x", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:094d032c064e9070a854b22cbb17b6c6ee2a13d79d7fb2ea280d9317bea9c127_s390x", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:094d032c064e9070a854b22cbb17b6c6ee2a13d79d7fb2ea280d9317bea9c127_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:094d032c064e9070a854b22cbb17b6c6ee2a13d79d7fb2ea280d9317bea9c127?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-130" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:fe256c90e0075d9e8a3bd7a75454057af22b3f563aeee96ff6fba0dfcabe3d4f_s390x", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:fe256c90e0075d9e8a3bd7a75454057af22b3f563aeee96ff6fba0dfcabe3d4f_s390x", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:fe256c90e0075d9e8a3bd7a75454057af22b3f563aeee96ff6fba0dfcabe3d4f_s390x", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:fe256c90e0075d9e8a3bd7a75454057af22b3f563aeee96ff6fba0dfcabe3d4f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-94" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:2083543ee79daf0f1cd7038de95a0ba750793401756ab83fe32a778401b7a851_s390x", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:2083543ee79daf0f1cd7038de95a0ba750793401756ab83fe32a778401b7a851_s390x", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:2083543ee79daf0f1cd7038de95a0ba750793401756ab83fe32a778401b7a851_s390x", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:2083543ee79daf0f1cd7038de95a0ba750793401756ab83fe32a778401b7a851?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-88" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5_s390x", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5_s390x", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-123" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:ebe6b31d2539e1f681fae6c8cfea976b49713b312664109cd8417ad44627104e_s390x", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:ebe6b31d2539e1f681fae6c8cfea976b49713b312664109cd8417ad44627104e_s390x", "product_id": "openshift-logging/eventrouter-rhel8@sha256:ebe6b31d2539e1f681fae6c8cfea976b49713b312664109cd8417ad44627104e_s390x", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:ebe6b31d2539e1f681fae6c8cfea976b49713b312664109cd8417ad44627104e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-125" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:6ef44ba2113a4bb01f60303e6d3fc1a266f66c819835059775691ec2efc56012_s390x", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:6ef44ba2113a4bb01f60303e6d3fc1a266f66c819835059775691ec2efc56012_s390x", "product_id": "openshift-logging/fluentd-rhel8@sha256:6ef44ba2113a4bb01f60303e6d3fc1a266f66c819835059775691ec2efc56012_s390x", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:6ef44ba2113a4bb01f60303e6d3fc1a266f66c819835059775691ec2efc56012?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-124" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:23f9af5bdcab236bab3a69be91d0a28109ded4c5ba8b3aa003dbda4d61a96e6a_s390x", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:23f9af5bdcab236bab3a69be91d0a28109ded4c5ba8b3aa003dbda4d61a96e6a_s390x", "product_id": "openshift-logging/kibana6-rhel8@sha256:23f9af5bdcab236bab3a69be91d0a28109ded4c5ba8b3aa003dbda4d61a96e6a_s390x", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:23f9af5bdcab236bab3a69be91d0a28109ded4c5ba8b3aa003dbda4d61a96e6a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-142" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:b9738cefdb34c7aea5c1f85be131cfe954db68dfe92cd68695a9fe3ba0bb3f80_amd64", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:b9738cefdb34c7aea5c1f85be131cfe954db68dfe92cd68695a9fe3ba0bb3f80_amd64", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:b9738cefdb34c7aea5c1f85be131cfe954db68dfe92cd68695a9fe3ba0bb3f80_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:b9738cefdb34c7aea5c1f85be131cfe954db68dfe92cd68695a9fe3ba0bb3f80?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.3.5-4" } } }, { "category": "product_version", "name": "openshift-logging/cluster-logging-operator-bundle@sha256:f5ac97299bfda317727e6183382bb86b95aed1c2bc09ab54aad385e1a8858e63_amd64", "product": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:f5ac97299bfda317727e6183382bb86b95aed1c2bc09ab54aad385e1a8858e63_amd64", "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:f5ac97299bfda317727e6183382bb86b95aed1c2bc09ab54aad385e1a8858e63_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:f5ac97299bfda317727e6183382bb86b95aed1c2bc09ab54aad385e1a8858e63?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.3.5-20" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b31540b3d83ca8662490adde87ff2476409af79732cb6ece25fa5978d53dcb7f_amd64", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b31540b3d83ca8662490adde87ff2476409af79732cb6ece25fa5978d53dcb7f_amd64", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:b31540b3d83ca8662490adde87ff2476409af79732cb6ece25fa5978d53dcb7f_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:b31540b3d83ca8662490adde87ff2476409af79732cb6ece25fa5978d53dcb7f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.3.5-4" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-operator-bundle@sha256:00a4fa1ea4d2b2f3bf01e7619c82a82c6311074826529b17e2da963fc674ea71_amd64", "product": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:00a4fa1ea4d2b2f3bf01e7619c82a82c6311074826529b17e2da963fc674ea71_amd64", "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:00a4fa1ea4d2b2f3bf01e7619c82a82c6311074826529b17e2da963fc674ea71_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:00a4fa1ea4d2b2f3bf01e7619c82a82c6311074826529b17e2da963fc674ea71?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.3.5-20" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:cf47538a0d80f98aa381d7ab4c494edd39966c008096cfd401816f7314fcf297_amd64", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:cf47538a0d80f98aa381d7ab4c494edd39966c008096cfd401816f7314fcf297_amd64", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:cf47538a0d80f98aa381d7ab4c494edd39966c008096cfd401816f7314fcf297_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:cf47538a0d80f98aa381d7ab4c494edd39966c008096cfd401816f7314fcf297?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-130" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:e2d366572b10506dd9b434c068552b58444c8b41c8310ad96aaeeafc942b2720_amd64", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:e2d366572b10506dd9b434c068552b58444c8b41c8310ad96aaeeafc942b2720_amd64", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:e2d366572b10506dd9b434c068552b58444c8b41c8310ad96aaeeafc942b2720_amd64", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:e2d366572b10506dd9b434c068552b58444c8b41c8310ad96aaeeafc942b2720?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-94" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:4468638de88d588631009c5084f68235ddabfea9feb06f1b0cf804e010934853_amd64", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:4468638de88d588631009c5084f68235ddabfea9feb06f1b0cf804e010934853_amd64", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:4468638de88d588631009c5084f68235ddabfea9feb06f1b0cf804e010934853_amd64", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:4468638de88d588631009c5084f68235ddabfea9feb06f1b0cf804e010934853?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-88" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9_amd64", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9_amd64", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-123" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:52aebe51beff433a07e082dd6e216d829c0ae9550619e2328439711e5500d669_amd64", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:52aebe51beff433a07e082dd6e216d829c0ae9550619e2328439711e5500d669_amd64", "product_id": "openshift-logging/eventrouter-rhel8@sha256:52aebe51beff433a07e082dd6e216d829c0ae9550619e2328439711e5500d669_amd64", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:52aebe51beff433a07e082dd6e216d829c0ae9550619e2328439711e5500d669?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-125" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:682ab65a22b1cae091d350a64e1e257e2ee60d5c1ace0b7a48ebfc3def12d653_amd64", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:682ab65a22b1cae091d350a64e1e257e2ee60d5c1ace0b7a48ebfc3def12d653_amd64", "product_id": "openshift-logging/fluentd-rhel8@sha256:682ab65a22b1cae091d350a64e1e257e2ee60d5c1ace0b7a48ebfc3def12d653_amd64", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:682ab65a22b1cae091d350a64e1e257e2ee60d5c1ace0b7a48ebfc3def12d653?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-124" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:f7d953873ae6217c5770ed723d3c8af955bd94da5a3019a1e16731e6fc4bd541_amd64", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:f7d953873ae6217c5770ed723d3c8af955bd94da5a3019a1e16731e6fc4bd541_amd64", "product_id": "openshift-logging/kibana6-rhel8@sha256:f7d953873ae6217c5770ed723d3c8af955bd94da5a3019a1e16731e6fc4bd541_amd64", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:f7d953873ae6217c5770ed723d3c8af955bd94da5a3019a1e16731e6fc4bd541?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-142" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:af8ba54b3b2a20c7213a488ed4dfa8cc23a1b191876ac0153b1721ead5ee25cd_ppc64le", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:af8ba54b3b2a20c7213a488ed4dfa8cc23a1b191876ac0153b1721ead5ee25cd_ppc64le", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:af8ba54b3b2a20c7213a488ed4dfa8cc23a1b191876ac0153b1721ead5ee25cd_ppc64le", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:af8ba54b3b2a20c7213a488ed4dfa8cc23a1b191876ac0153b1721ead5ee25cd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.3.5-4" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ed698ce3b82a28fdb8c840a8044582267aeac63f5efc5f738b07c47702bdc415_ppc64le", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ed698ce3b82a28fdb8c840a8044582267aeac63f5efc5f738b07c47702bdc415_ppc64le", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:ed698ce3b82a28fdb8c840a8044582267aeac63f5efc5f738b07c47702bdc415_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:ed698ce3b82a28fdb8c840a8044582267aeac63f5efc5f738b07c47702bdc415?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.3.5-4" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:008d0a08f6709e43256f24e8f2e1d09c741fed0ce44fd797841758074e13a706_ppc64le", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:008d0a08f6709e43256f24e8f2e1d09c741fed0ce44fd797841758074e13a706_ppc64le", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:008d0a08f6709e43256f24e8f2e1d09c741fed0ce44fd797841758074e13a706_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:008d0a08f6709e43256f24e8f2e1d09c741fed0ce44fd797841758074e13a706?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-130" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:bff9a31f21dc09ff3f360283105a0909a784dad6e645d8df2ceaad0d0452e89d_ppc64le", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:bff9a31f21dc09ff3f360283105a0909a784dad6e645d8df2ceaad0d0452e89d_ppc64le", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:bff9a31f21dc09ff3f360283105a0909a784dad6e645d8df2ceaad0d0452e89d_ppc64le", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:bff9a31f21dc09ff3f360283105a0909a784dad6e645d8df2ceaad0d0452e89d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-94" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:f68ec854c7a504e0c48eb1c6713fcce385475e15013ec6ae76dbed8806b19955_ppc64le", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:f68ec854c7a504e0c48eb1c6713fcce385475e15013ec6ae76dbed8806b19955_ppc64le", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:f68ec854c7a504e0c48eb1c6713fcce385475e15013ec6ae76dbed8806b19955_ppc64le", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:f68ec854c7a504e0c48eb1c6713fcce385475e15013ec6ae76dbed8806b19955?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-88" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833_ppc64le", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833_ppc64le", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-123" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:8edfdc9d20c8b27a9db95a60f22b47b301d256ca2a5065221fff6f9e9d264967_ppc64le", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:8edfdc9d20c8b27a9db95a60f22b47b301d256ca2a5065221fff6f9e9d264967_ppc64le", "product_id": "openshift-logging/eventrouter-rhel8@sha256:8edfdc9d20c8b27a9db95a60f22b47b301d256ca2a5065221fff6f9e9d264967_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:8edfdc9d20c8b27a9db95a60f22b47b301d256ca2a5065221fff6f9e9d264967?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-125" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:66211196d4ff951e4cca7a14cba3f68ef53f8f1c9b519d4c003dcb7453354092_ppc64le", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:66211196d4ff951e4cca7a14cba3f68ef53f8f1c9b519d4c003dcb7453354092_ppc64le", "product_id": "openshift-logging/fluentd-rhel8@sha256:66211196d4ff951e4cca7a14cba3f68ef53f8f1c9b519d4c003dcb7453354092_ppc64le", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:66211196d4ff951e4cca7a14cba3f68ef53f8f1c9b519d4c003dcb7453354092?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-124" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:e23695d5de32cca92ca32975ae9b0675b4727ea3d08c1b6d22b20d4ac7bc812b_ppc64le", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:e23695d5de32cca92ca32975ae9b0675b4727ea3d08c1b6d22b20d4ac7bc812b_ppc64le", "product_id": "openshift-logging/kibana6-rhel8@sha256:e23695d5de32cca92ca32975ae9b0675b4727ea3d08c1b6d22b20d4ac7bc812b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:e23695d5de32cca92ca32975ae9b0675b4727ea3d08c1b6d22b20d4ac7bc812b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-142" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:f5ac97299bfda317727e6183382bb86b95aed1c2bc09ab54aad385e1a8858e63_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:f5ac97299bfda317727e6183382bb86b95aed1c2bc09ab54aad385e1a8858e63_amd64" }, "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:f5ac97299bfda317727e6183382bb86b95aed1c2bc09ab54aad385e1a8858e63_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:467401c3ee624cd2865a1fb452a61eff279db33210d257d7b1a40ac2bd1bf673_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:467401c3ee624cd2865a1fb452a61eff279db33210d257d7b1a40ac2bd1bf673_s390x" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:467401c3ee624cd2865a1fb452a61eff279db33210d257d7b1a40ac2bd1bf673_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:af8ba54b3b2a20c7213a488ed4dfa8cc23a1b191876ac0153b1721ead5ee25cd_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:af8ba54b3b2a20c7213a488ed4dfa8cc23a1b191876ac0153b1721ead5ee25cd_ppc64le" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:af8ba54b3b2a20c7213a488ed4dfa8cc23a1b191876ac0153b1721ead5ee25cd_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:b9738cefdb34c7aea5c1f85be131cfe954db68dfe92cd68695a9fe3ba0bb3f80_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:b9738cefdb34c7aea5c1f85be131cfe954db68dfe92cd68695a9fe3ba0bb3f80_amd64" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:b9738cefdb34c7aea5c1f85be131cfe954db68dfe92cd68695a9fe3ba0bb3f80_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:00a4fa1ea4d2b2f3bf01e7619c82a82c6311074826529b17e2da963fc674ea71_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:00a4fa1ea4d2b2f3bf01e7619c82a82c6311074826529b17e2da963fc674ea71_amd64" }, "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:00a4fa1ea4d2b2f3bf01e7619c82a82c6311074826529b17e2da963fc674ea71_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:008d0a08f6709e43256f24e8f2e1d09c741fed0ce44fd797841758074e13a706_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:008d0a08f6709e43256f24e8f2e1d09c741fed0ce44fd797841758074e13a706_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:008d0a08f6709e43256f24e8f2e1d09c741fed0ce44fd797841758074e13a706_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:094d032c064e9070a854b22cbb17b6c6ee2a13d79d7fb2ea280d9317bea9c127_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:094d032c064e9070a854b22cbb17b6c6ee2a13d79d7fb2ea280d9317bea9c127_s390x" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:094d032c064e9070a854b22cbb17b6c6ee2a13d79d7fb2ea280d9317bea9c127_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:cf47538a0d80f98aa381d7ab4c494edd39966c008096cfd401816f7314fcf297_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:cf47538a0d80f98aa381d7ab4c494edd39966c008096cfd401816f7314fcf297_amd64" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:cf47538a0d80f98aa381d7ab4c494edd39966c008096cfd401816f7314fcf297_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b31540b3d83ca8662490adde87ff2476409af79732cb6ece25fa5978d53dcb7f_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:b31540b3d83ca8662490adde87ff2476409af79732cb6ece25fa5978d53dcb7f_amd64" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:b31540b3d83ca8662490adde87ff2476409af79732cb6ece25fa5978d53dcb7f_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ec92e6a2f50b449c4d3be9f18be755d27472dc78507dba507b94ab6e99e1ffbe_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ec92e6a2f50b449c4d3be9f18be755d27472dc78507dba507b94ab6e99e1ffbe_s390x" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:ec92e6a2f50b449c4d3be9f18be755d27472dc78507dba507b94ab6e99e1ffbe_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ed698ce3b82a28fdb8c840a8044582267aeac63f5efc5f738b07c47702bdc415_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ed698ce3b82a28fdb8c840a8044582267aeac63f5efc5f738b07c47702bdc415_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:ed698ce3b82a28fdb8c840a8044582267aeac63f5efc5f738b07c47702bdc415_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5_s390x" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9_amd64" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833_ppc64le" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:52aebe51beff433a07e082dd6e216d829c0ae9550619e2328439711e5500d669_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:52aebe51beff433a07e082dd6e216d829c0ae9550619e2328439711e5500d669_amd64" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:52aebe51beff433a07e082dd6e216d829c0ae9550619e2328439711e5500d669_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:8edfdc9d20c8b27a9db95a60f22b47b301d256ca2a5065221fff6f9e9d264967_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:8edfdc9d20c8b27a9db95a60f22b47b301d256ca2a5065221fff6f9e9d264967_ppc64le" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:8edfdc9d20c8b27a9db95a60f22b47b301d256ca2a5065221fff6f9e9d264967_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:ebe6b31d2539e1f681fae6c8cfea976b49713b312664109cd8417ad44627104e_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:ebe6b31d2539e1f681fae6c8cfea976b49713b312664109cd8417ad44627104e_s390x" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:ebe6b31d2539e1f681fae6c8cfea976b49713b312664109cd8417ad44627104e_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:66211196d4ff951e4cca7a14cba3f68ef53f8f1c9b519d4c003dcb7453354092_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:66211196d4ff951e4cca7a14cba3f68ef53f8f1c9b519d4c003dcb7453354092_ppc64le" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:66211196d4ff951e4cca7a14cba3f68ef53f8f1c9b519d4c003dcb7453354092_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:682ab65a22b1cae091d350a64e1e257e2ee60d5c1ace0b7a48ebfc3def12d653_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:682ab65a22b1cae091d350a64e1e257e2ee60d5c1ace0b7a48ebfc3def12d653_amd64" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:682ab65a22b1cae091d350a64e1e257e2ee60d5c1ace0b7a48ebfc3def12d653_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:6ef44ba2113a4bb01f60303e6d3fc1a266f66c819835059775691ec2efc56012_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:6ef44ba2113a4bb01f60303e6d3fc1a266f66c819835059775691ec2efc56012_s390x" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:6ef44ba2113a4bb01f60303e6d3fc1a266f66c819835059775691ec2efc56012_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:23f9af5bdcab236bab3a69be91d0a28109ded4c5ba8b3aa003dbda4d61a96e6a_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:23f9af5bdcab236bab3a69be91d0a28109ded4c5ba8b3aa003dbda4d61a96e6a_s390x" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:23f9af5bdcab236bab3a69be91d0a28109ded4c5ba8b3aa003dbda4d61a96e6a_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:e23695d5de32cca92ca32975ae9b0675b4727ea3d08c1b6d22b20d4ac7bc812b_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:e23695d5de32cca92ca32975ae9b0675b4727ea3d08c1b6d22b20d4ac7bc812b_ppc64le" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:e23695d5de32cca92ca32975ae9b0675b4727ea3d08c1b6d22b20d4ac7bc812b_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:f7d953873ae6217c5770ed723d3c8af955bd94da5a3019a1e16731e6fc4bd541_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:f7d953873ae6217c5770ed723d3c8af955bd94da5a3019a1e16731e6fc4bd541_amd64" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:f7d953873ae6217c5770ed723d3c8af955bd94da5a3019a1e16731e6fc4bd541_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:bff9a31f21dc09ff3f360283105a0909a784dad6e645d8df2ceaad0d0452e89d_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:bff9a31f21dc09ff3f360283105a0909a784dad6e645d8df2ceaad0d0452e89d_ppc64le" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:bff9a31f21dc09ff3f360283105a0909a784dad6e645d8df2ceaad0d0452e89d_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:e2d366572b10506dd9b434c068552b58444c8b41c8310ad96aaeeafc942b2720_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:e2d366572b10506dd9b434c068552b58444c8b41c8310ad96aaeeafc942b2720_amd64" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:e2d366572b10506dd9b434c068552b58444c8b41c8310ad96aaeeafc942b2720_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:fe256c90e0075d9e8a3bd7a75454057af22b3f563aeee96ff6fba0dfcabe3d4f_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:fe256c90e0075d9e8a3bd7a75454057af22b3f563aeee96ff6fba0dfcabe3d4f_s390x" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:fe256c90e0075d9e8a3bd7a75454057af22b3f563aeee96ff6fba0dfcabe3d4f_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:2083543ee79daf0f1cd7038de95a0ba750793401756ab83fe32a778401b7a851_s390x as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:2083543ee79daf0f1cd7038de95a0ba750793401756ab83fe32a778401b7a851_s390x" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:2083543ee79daf0f1cd7038de95a0ba750793401756ab83fe32a778401b7a851_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:4468638de88d588631009c5084f68235ddabfea9feb06f1b0cf804e010934853_amd64 as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:4468638de88d588631009c5084f68235ddabfea9feb06f1b0cf804e010934853_amd64" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:4468638de88d588631009c5084f68235ddabfea9feb06f1b0cf804e010934853_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:f68ec854c7a504e0c48eb1c6713fcce385475e15013ec6ae76dbed8806b19955_ppc64le as a component of OpenShift Logging 5.3", "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:f68ec854c7a504e0c48eb1c6713fcce385475e15013ec6ae76dbed8806b19955_ppc64le" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:f68ec854c7a504e0c48eb1c6713fcce385475e15013ec6ae76dbed8806b19955_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-28491", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-02-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:f5ac97299bfda317727e6183382bb86b95aed1c2bc09ab54aad385e1a8858e63_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:467401c3ee624cd2865a1fb452a61eff279db33210d257d7b1a40ac2bd1bf673_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:af8ba54b3b2a20c7213a488ed4dfa8cc23a1b191876ac0153b1721ead5ee25cd_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:b9738cefdb34c7aea5c1f85be131cfe954db68dfe92cd68695a9fe3ba0bb3f80_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:00a4fa1ea4d2b2f3bf01e7619c82a82c6311074826529b17e2da963fc674ea71_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:008d0a08f6709e43256f24e8f2e1d09c741fed0ce44fd797841758074e13a706_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:094d032c064e9070a854b22cbb17b6c6ee2a13d79d7fb2ea280d9317bea9c127_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:cf47538a0d80f98aa381d7ab4c494edd39966c008096cfd401816f7314fcf297_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:b31540b3d83ca8662490adde87ff2476409af79732cb6ece25fa5978d53dcb7f_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ec92e6a2f50b449c4d3be9f18be755d27472dc78507dba507b94ab6e99e1ffbe_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ed698ce3b82a28fdb8c840a8044582267aeac63f5efc5f738b07c47702bdc415_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:52aebe51beff433a07e082dd6e216d829c0ae9550619e2328439711e5500d669_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:8edfdc9d20c8b27a9db95a60f22b47b301d256ca2a5065221fff6f9e9d264967_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:ebe6b31d2539e1f681fae6c8cfea976b49713b312664109cd8417ad44627104e_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:66211196d4ff951e4cca7a14cba3f68ef53f8f1c9b519d4c003dcb7453354092_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:682ab65a22b1cae091d350a64e1e257e2ee60d5c1ace0b7a48ebfc3def12d653_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:6ef44ba2113a4bb01f60303e6d3fc1a266f66c819835059775691ec2efc56012_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:23f9af5bdcab236bab3a69be91d0a28109ded4c5ba8b3aa003dbda4d61a96e6a_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:e23695d5de32cca92ca32975ae9b0675b4727ea3d08c1b6d22b20d4ac7bc812b_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:f7d953873ae6217c5770ed723d3c8af955bd94da5a3019a1e16731e6fc4bd541_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:bff9a31f21dc09ff3f360283105a0909a784dad6e645d8df2ceaad0d0452e89d_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:e2d366572b10506dd9b434c068552b58444c8b41c8310ad96aaeeafc942b2720_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:fe256c90e0075d9e8a3bd7a75454057af22b3f563aeee96ff6fba0dfcabe3d4f_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:2083543ee79daf0f1cd7038de95a0ba750793401756ab83fe32a778401b7a851_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:4468638de88d588631009c5084f68235ddabfea9feb06f1b0cf804e010934853_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:f68ec854c7a504e0c48eb1c6713fcce385475e15013ec6ae76dbed8806b19955_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1930423" } ], "notes": [ { "category": "description", "text": "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jackson-dataformat-cbor.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nIn OCP 4.6 the openshift4/ose-logging-elasticsearch6 container delivers the vulnerable version of jackson-dataformat-cbor, but OCP 4.6 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support, hence this component is marked as ooss. Since the release of OCP 4.7 this component is delivered as part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8 container).\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833_ppc64le" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:f5ac97299bfda317727e6183382bb86b95aed1c2bc09ab54aad385e1a8858e63_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:467401c3ee624cd2865a1fb452a61eff279db33210d257d7b1a40ac2bd1bf673_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:af8ba54b3b2a20c7213a488ed4dfa8cc23a1b191876ac0153b1721ead5ee25cd_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:b9738cefdb34c7aea5c1f85be131cfe954db68dfe92cd68695a9fe3ba0bb3f80_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:00a4fa1ea4d2b2f3bf01e7619c82a82c6311074826529b17e2da963fc674ea71_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:008d0a08f6709e43256f24e8f2e1d09c741fed0ce44fd797841758074e13a706_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:094d032c064e9070a854b22cbb17b6c6ee2a13d79d7fb2ea280d9317bea9c127_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:cf47538a0d80f98aa381d7ab4c494edd39966c008096cfd401816f7314fcf297_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:b31540b3d83ca8662490adde87ff2476409af79732cb6ece25fa5978d53dcb7f_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ec92e6a2f50b449c4d3be9f18be755d27472dc78507dba507b94ab6e99e1ffbe_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ed698ce3b82a28fdb8c840a8044582267aeac63f5efc5f738b07c47702bdc415_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:52aebe51beff433a07e082dd6e216d829c0ae9550619e2328439711e5500d669_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:8edfdc9d20c8b27a9db95a60f22b47b301d256ca2a5065221fff6f9e9d264967_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:ebe6b31d2539e1f681fae6c8cfea976b49713b312664109cd8417ad44627104e_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:66211196d4ff951e4cca7a14cba3f68ef53f8f1c9b519d4c003dcb7453354092_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:682ab65a22b1cae091d350a64e1e257e2ee60d5c1ace0b7a48ebfc3def12d653_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:6ef44ba2113a4bb01f60303e6d3fc1a266f66c819835059775691ec2efc56012_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:23f9af5bdcab236bab3a69be91d0a28109ded4c5ba8b3aa003dbda4d61a96e6a_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:e23695d5de32cca92ca32975ae9b0675b4727ea3d08c1b6d22b20d4ac7bc812b_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:f7d953873ae6217c5770ed723d3c8af955bd94da5a3019a1e16731e6fc4bd541_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:bff9a31f21dc09ff3f360283105a0909a784dad6e645d8df2ceaad0d0452e89d_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:e2d366572b10506dd9b434c068552b58444c8b41c8310ad96aaeeafc942b2720_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:fe256c90e0075d9e8a3bd7a75454057af22b3f563aeee96ff6fba0dfcabe3d4f_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:2083543ee79daf0f1cd7038de95a0ba750793401756ab83fe32a778401b7a851_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:4468638de88d588631009c5084f68235ddabfea9feb06f1b0cf804e010934853_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:f68ec854c7a504e0c48eb1c6713fcce385475e15013ec6ae76dbed8806b19955_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-28491" }, { "category": "external", "summary": "RHBZ#1930423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930423" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28491", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28491" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28491", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28491" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329", "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329" } ], "release_date": "2021-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-03-01T14:05:10+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0721" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception" }, { "cve": "CVE-2022-0552", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-02-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:f5ac97299bfda317727e6183382bb86b95aed1c2bc09ab54aad385e1a8858e63_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:467401c3ee624cd2865a1fb452a61eff279db33210d257d7b1a40ac2bd1bf673_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:af8ba54b3b2a20c7213a488ed4dfa8cc23a1b191876ac0153b1721ead5ee25cd_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:b9738cefdb34c7aea5c1f85be131cfe954db68dfe92cd68695a9fe3ba0bb3f80_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:00a4fa1ea4d2b2f3bf01e7619c82a82c6311074826529b17e2da963fc674ea71_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:008d0a08f6709e43256f24e8f2e1d09c741fed0ce44fd797841758074e13a706_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:094d032c064e9070a854b22cbb17b6c6ee2a13d79d7fb2ea280d9317bea9c127_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:cf47538a0d80f98aa381d7ab4c494edd39966c008096cfd401816f7314fcf297_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:b31540b3d83ca8662490adde87ff2476409af79732cb6ece25fa5978d53dcb7f_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ec92e6a2f50b449c4d3be9f18be755d27472dc78507dba507b94ab6e99e1ffbe_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ed698ce3b82a28fdb8c840a8044582267aeac63f5efc5f738b07c47702bdc415_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:52aebe51beff433a07e082dd6e216d829c0ae9550619e2328439711e5500d669_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:8edfdc9d20c8b27a9db95a60f22b47b301d256ca2a5065221fff6f9e9d264967_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:ebe6b31d2539e1f681fae6c8cfea976b49713b312664109cd8417ad44627104e_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:66211196d4ff951e4cca7a14cba3f68ef53f8f1c9b519d4c003dcb7453354092_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:682ab65a22b1cae091d350a64e1e257e2ee60d5c1ace0b7a48ebfc3def12d653_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:6ef44ba2113a4bb01f60303e6d3fc1a266f66c819835059775691ec2efc56012_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:23f9af5bdcab236bab3a69be91d0a28109ded4c5ba8b3aa003dbda4d61a96e6a_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:e23695d5de32cca92ca32975ae9b0675b4727ea3d08c1b6d22b20d4ac7bc812b_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:f7d953873ae6217c5770ed723d3c8af955bd94da5a3019a1e16731e6fc4bd541_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:bff9a31f21dc09ff3f360283105a0909a784dad6e645d8df2ceaad0d0452e89d_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:e2d366572b10506dd9b434c068552b58444c8b41c8310ad96aaeeafc942b2720_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:fe256c90e0075d9e8a3bd7a75454057af22b3f563aeee96ff6fba0dfcabe3d4f_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:2083543ee79daf0f1cd7038de95a0ba750793401756ab83fe32a778401b7a851_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:4468638de88d588631009c5084f68235ddabfea9feb06f1b0cf804e010934853_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:f68ec854c7a504e0c48eb1c6713fcce385475e15013ec6ae76dbed8806b19955_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2052539" } ], "notes": [ { "category": "description", "text": "A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content.", "title": "Vulnerability description" }, { "category": "summary", "text": "origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE only applies to the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container image, shipped in OpenShift Logging 5.1, 5.2. and 5.3.\nhttps://access.redhat.com/errata/RHSA-2021:5128\nhttps://access.redhat.com/errata/RHSA-2021:5127\nhttps://access.redhat.com/errata/RHSA-2021:5129", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833_ppc64le" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:f5ac97299bfda317727e6183382bb86b95aed1c2bc09ab54aad385e1a8858e63_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:467401c3ee624cd2865a1fb452a61eff279db33210d257d7b1a40ac2bd1bf673_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:af8ba54b3b2a20c7213a488ed4dfa8cc23a1b191876ac0153b1721ead5ee25cd_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:b9738cefdb34c7aea5c1f85be131cfe954db68dfe92cd68695a9fe3ba0bb3f80_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:00a4fa1ea4d2b2f3bf01e7619c82a82c6311074826529b17e2da963fc674ea71_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:008d0a08f6709e43256f24e8f2e1d09c741fed0ce44fd797841758074e13a706_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:094d032c064e9070a854b22cbb17b6c6ee2a13d79d7fb2ea280d9317bea9c127_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:cf47538a0d80f98aa381d7ab4c494edd39966c008096cfd401816f7314fcf297_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:b31540b3d83ca8662490adde87ff2476409af79732cb6ece25fa5978d53dcb7f_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ec92e6a2f50b449c4d3be9f18be755d27472dc78507dba507b94ab6e99e1ffbe_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ed698ce3b82a28fdb8c840a8044582267aeac63f5efc5f738b07c47702bdc415_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:52aebe51beff433a07e082dd6e216d829c0ae9550619e2328439711e5500d669_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:8edfdc9d20c8b27a9db95a60f22b47b301d256ca2a5065221fff6f9e9d264967_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:ebe6b31d2539e1f681fae6c8cfea976b49713b312664109cd8417ad44627104e_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:66211196d4ff951e4cca7a14cba3f68ef53f8f1c9b519d4c003dcb7453354092_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:682ab65a22b1cae091d350a64e1e257e2ee60d5c1ace0b7a48ebfc3def12d653_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:6ef44ba2113a4bb01f60303e6d3fc1a266f66c819835059775691ec2efc56012_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:23f9af5bdcab236bab3a69be91d0a28109ded4c5ba8b3aa003dbda4d61a96e6a_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:e23695d5de32cca92ca32975ae9b0675b4727ea3d08c1b6d22b20d4ac7bc812b_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:f7d953873ae6217c5770ed723d3c8af955bd94da5a3019a1e16731e6fc4bd541_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:bff9a31f21dc09ff3f360283105a0909a784dad6e645d8df2ceaad0d0452e89d_ppc64le", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:e2d366572b10506dd9b434c068552b58444c8b41c8310ad96aaeeafc942b2720_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:fe256c90e0075d9e8a3bd7a75454057af22b3f563aeee96ff6fba0dfcabe3d4f_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:2083543ee79daf0f1cd7038de95a0ba750793401756ab83fe32a778401b7a851_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:4468638de88d588631009c5084f68235ddabfea9feb06f1b0cf804e010934853_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:f68ec854c7a504e0c48eb1c6713fcce385475e15013ec6ae76dbed8806b19955_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0552" }, { "category": "external", "summary": "RHBZ#2052539", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0552", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0552" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0552", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0552" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2021-21409", "url": "https://access.redhat.com/security/cve/CVE-2021-21409" } ], "release_date": "2022-02-28T10:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-03-01T14:05:10+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0721" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5_s390x", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9_amd64", "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409" } ] }
gsd-2022-0552
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2022-0552", "description": "A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11.", "id": "GSD-2022-0552", "references": [ "https://access.redhat.com/errata/RHSA-2022:0728", "https://access.redhat.com/errata/RHSA-2022:0727", "https://access.redhat.com/errata/RHSA-2022:0721" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2022-0552" ], "details": "A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11.", "id": "GSD-2022-0552", "modified": "2023-12-13T01:19:11.998774Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-0552", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "origin-aggregated-logging/elasticsearch", "version": { "version_data": [ { "version_affected": "=", "version_value": "origin-aggregated-logging versions 3.11" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-444", "lang": "eng", "value": "CWE-444" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539" }, { "name": "https://access.redhat.com/security/cve/CVE-2021-21409", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/CVE-2021-21409" }, { "name": "https://github.com/openshift/origin-aggregated-logging/commit/d6b72d6c32e7c06b65324294d10406546734004d", "refsource": "MISC", "url": "https://github.com/openshift/origin-aggregated-logging/commit/d6b72d6c32e7c06b65324294d10406546734004d" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:origin-aggregated-logging:3.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-0552" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-444" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/openshift/origin-aggregated-logging/commit/d6b72d6c32e7c06b65324294d10406546734004d", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/openshift/origin-aggregated-logging/commit/d6b72d6c32e7c06b65324294d10406546734004d" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539", "refsource": "MISC", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539" }, { "name": "https://access.redhat.com/security/cve/CVE-2021-21409", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2021-21409" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6 } }, "lastModifiedDate": "2023-02-12T22:15Z", "publishedDate": "2022-04-11T20:15Z" } } }
ghsa-4r7g-fj95-jwpc
Vulnerability from github
Published
2022-04-12 00:00
Modified
2022-04-19 00:01
Severity ?
Details
A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11.
{ "affected": [], "aliases": [ "CVE-2022-0552" ], "database_specific": { "cwe_ids": [ "CWE-444" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2022-04-11T20:15:00Z", "severity": "MODERATE" }, "details": "A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11.", "id": "GHSA-4r7g-fj95-jwpc", "modified": "2022-04-19T00:01:27Z", "published": "2022-04-12T00:00:32Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0552" }, { "type": "WEB", "url": "https://github.com/openshift/origin-aggregated-logging/commit/d6b72d6c32e7c06b65324294d10406546734004d" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2022:0721" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2022:0727" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2022:0728" }, { "type": "WEB", "url": "https://access.redhat.com/security/cve/CVE-2021-21409" }, { "type": "WEB", "url": "https://access.redhat.com/security/cve/CVE-2022-0552" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" } ] }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.