Action not permitted
Modal body text goes here.
cve-2022-21673
Vulnerability from cvelistv5
Published
2022-01-18 21:35
Modified
2024-08-03 02:46
Severity
Summary
OAuth Identity Token exposure in Grafana
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:39.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/grafana/grafana/releases/tag/v7.5.13"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/grafana/grafana/releases/tag/v8.3.4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220303-0004/"
},
{
"name": "FEDORA-2022-83405f9d5b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/"
},
{
"name": "FEDORA-2022-9dd03cab55",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/"
},
{
"name": "FEDORA-2022-c5383675d9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "grafana",
"vendor": "grafana",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.2.0, \u003c 7.5.13"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.3.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-07T07:06:34",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grafana/grafana/releases/tag/v7.5.13"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grafana/grafana/releases/tag/v8.3.4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220303-0004/"
},
{
"name": "FEDORA-2022-83405f9d5b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/"
},
{
"name": "FEDORA-2022-9dd03cab55",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/"
},
{
"name": "FEDORA-2022-c5383675d9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/"
}
],
"source": {
"advisory": "GHSA-8wjh-59cw-9xh4",
"discovery": "UNKNOWN"
},
"title": "OAuth Identity Token exposure in Grafana",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21673",
"STATE": "PUBLIC",
"TITLE": "OAuth Identity Token exposure in Grafana"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "grafana",
"version": {
"version_data": [
{
"version_value": "\u003e= 7.2.0, \u003c 7.5.13"
},
{
"version_value": "\u003e= 8.0.0, \u003c 8.3.4"
}
]
}
}
]
},
"vendor_name": "grafana"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4",
"refsource": "CONFIRM",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4"
},
{
"name": "https://github.com/grafana/grafana/releases/tag/v7.5.13",
"refsource": "MISC",
"url": "https://github.com/grafana/grafana/releases/tag/v7.5.13"
},
{
"name": "https://github.com/grafana/grafana/releases/tag/v8.3.4",
"refsource": "MISC",
"url": "https://github.com/grafana/grafana/releases/tag/v8.3.4"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220303-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220303-0004/"
},
{
"name": "FEDORA-2022-83405f9d5b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/"
},
{
"name": "FEDORA-2022-9dd03cab55",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/"
},
{
"name": "FEDORA-2022-c5383675d9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/"
}
]
},
"source": {
"advisory": "GHSA-8wjh-59cw-9xh4",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-21673",
"datePublished": "2022-01-18T21:35:10",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-03T02:46:39.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-21673\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-01-18T22:15:07.873\",\"lastModified\":\"2023-11-07T03:43:40.340\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4.\"},{\"lang\":\"es\",\"value\":\"Grafana es una plataforma de c\u00f3digo abierto para la monitorizaci\u00f3n y la observabilidad. En las versiones afectadas, cuando una fuente de datos tiene habilitada la funcionalidad Forward OAuth Identity, el env\u00edo de una consulta a esa fuente de datos con un token de API (y sin otras credenciales de usuario) reenviar\u00e1 la OAuth Identity del usuario que haya iniciado sesi\u00f3n m\u00e1s recientemente. Esto puede permitir a poseedores de tokens de API recuperar datos a los que no presentan acceso previsto. Este ataque depende de que la instancia de Grafana tenga fuentes de datos que soporten la funcionalidad Forward OAuth Identity, de que la instancia de Grafana tenga una fuente de datos con la funci\u00f3n Forward OAuth Identity activada, de que la instancia de Grafana tenga OAuth habilitado y de que la instancia de Grafana tenga claves de API usables. Este problema ha sido corregido en las versiones 7.5.13 y 8.3.4\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":3.5},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.0\",\"versionEndExcluding\":\"7.5.13\",\"matchCriteriaId\":\"DB832562-836C-4E18-8086-1260790CD2EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.3.4\",\"matchCriteriaId\":\"4FE88214-73A3-43A6-9858-F8CDE027D1FA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}],\"references\":[{\"url\":\"https://github.com/grafana/grafana/releases/tag/v7.5.13\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/grafana/grafana/releases/tag/v8.3.4\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20220303-0004/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
rhsa-2022_0056
Vulnerability from csaf_redhat
Published
2022-03-10 16:00
Modified
2022-12-21 16:23
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.10.3 security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.10.3 is now available with
updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.10.3. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHSA-2022:0055
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html
Security Fix(es):
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
* grafana: Snapshot authentication bypass (CVE-2021-39226)
* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)
* grafana: directory traversal vulnerability (CVE-2021-43813)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
You may download the oc tool and use it to inspect release image metadata
as follows:
(For x86_64 architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.10.3-x86_64
The image digest is
sha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56
(For s390x architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.10.3-s390x
The image digest is
sha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69
(For ppc64le architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le
The image digest is
sha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c
All OpenShift Container Platform 4.10 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 2023 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.10.3 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.10.3. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2022:0055\n\nSpace precludes documenting all of the container images in this advisory.\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n* grafana: Snapshot authentication bypass (CVE-2021-39226)\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n* nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)\n* grafana: directory traversal vulnerability (CVE-2021-43813)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-x86_64\n\nThe image digest is\nsha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-s390x\n\nThe image digest is\nsha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le\n\nThe image digest is\nsha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c\n\nAll OpenShift Container Platform 4.10 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0056",
"url": "https://access.redhat.com/errata/RHSA-2022:0056"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_0056.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.10.3 security update",
"tracking": {
"current_release_date": "2022-12-21T16:23:00Z",
"generator": {
"date": "2023-07-01T05:24:00Z",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.18.0"
}
},
"id": "RHSA-2022:0056",
"initial_release_date": "2022-03-10T16:00:00Z",
"revision_history": [
{
"date": "2022-12-21T16:23:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.10",
"product": {
"name": "Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.10::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"category": "product_version",
"name": "openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream",
"product": {
"name": "openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream",
"product_id": "openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream",
"product": {
"name": "openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream",
"product_id": "openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream",
"product": {
"name": "openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream",
"product_id": "openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream",
"product": {
"name": "openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream",
"product_id": "openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream",
"product": {
"name": "openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream",
"product_id": "openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream",
"product": {
"name": "openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream",
"product_id": "openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream",
"product": {
"name": "openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream",
"product_id": "openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream",
"product": {
"name": "openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream",
"product_id": "openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream",
"product": {
"name": "openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream",
"product_id": "openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream",
"product": {
"name": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream",
"product_id": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream",
"product": {
"name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream",
"product_id": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream",
"product": {
"name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream",
"product_id": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream",
"product": {
"name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream",
"product_id": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"product": {
"name": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"product_id": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"product": {
"name": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"product_id": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream",
"product": {
"name": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream",
"product_id": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream",
"product": {
"name": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream",
"product_id": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream",
"product": {
"name": "openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream",
"product_id": "openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream",
"product": {
"name": "openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream",
"product_id": "openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"product": {
"name": "openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"product_id": "openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream",
"product": {
"name": "openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream",
"product_id": "openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream",
"product": {
"name": "openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream",
"product_id": "openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream",
"product": {
"name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream",
"product_id": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream",
"product": {
"name": "openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream",
"product_id": "openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"product": {
"name": "openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"product_id": "openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"product": {
"name": "openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"product_id": "openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"product": {
"name": "openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"product_id": "openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream",
"product": {
"name": "openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream",
"product_id": "openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream",
"product_id": "openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream",
"product_id": "openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream",
"product_id": "openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream",
"product_id": "openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream",
"product_id": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream",
"product_id": "openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream",
"product_id": "openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream",
"product_id": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream",
"product_id": "openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream",
"product_id": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream",
"product_id": "openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream",
"product_id": "openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream",
"product_id": "openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream",
"product_id": "openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream",
"product_id": "openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream",
"product_id": "openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream",
"product_id": "openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream",
"product_id": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream",
"product_id": "openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream",
"product_id": "openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream",
"product_id": "openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream",
"product_id": "openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream",
"product_id": "openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream",
"product_id": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream",
"product_id": "openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream",
"product_id": "openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream",
"product_id": "openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream",
"product_id": "openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream",
"product": {
"name": "openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream",
"product_id": "openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream",
"product": {
"name": "openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream",
"product_id": "openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream",
"product": {
"name": "openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream",
"product_id": "openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream",
"product": {
"name": "openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream",
"product_id": "openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream",
"product": {
"name": "openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream",
"product_id": "openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream",
"product": {
"name": "openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream",
"product_id": "openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream",
"product": {
"name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream",
"product_id": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"product": {
"name": "openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"product_id": "openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream",
"product": {
"name": "openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream",
"product_id": "openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream",
"product": {
"name": "openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream",
"product_id": "openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream",
"product": {
"name": "openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream",
"product_id": "openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"product": {
"name": "openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"product_id": "openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"product": {
"name": "openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"product_id": "openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"product": {
"name": "openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"product_id": "openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"product": {
"name": "openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"product_id": "openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"product": {
"name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"product_id": "openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"product": {
"name": "openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"product_id": "openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"product": {
"name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"product_id": "openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"product": {
"name": "openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"product_id": "openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"product": {
"name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"product_id": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"product": {
"name": "openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"product_id": "openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream",
"product": {
"name": "openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream",
"product_id": "openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1",
"product": {
"name": "openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1",
"product_id": "openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1"
}
},
{
"category": "product_version",
"name": "openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream",
"product": {
"name": "openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream",
"product_id": "openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream",
"product": {
"name": "openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream",
"product_id": "openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream",
"product": {
"name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream",
"product_id": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream",
"product": {
"name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream",
"product_id": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream",
"product": {
"name": "openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream",
"product_id": "openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream",
"product": {
"name": "openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream",
"product_id": "openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream",
"product": {
"name": "openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream",
"product_id": "openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream",
"product": {
"name": "openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream",
"product_id": "openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream",
"product": {
"name": "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream",
"product_id": "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream",
"product": {
"name": "openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream",
"product_id": "openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream",
"product": {
"name": "openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream",
"product_id": "openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream",
"product": {
"name": "openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream",
"product_id": "openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream",
"product": {
"name": "openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream",
"product_id": "openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream",
"product": {
"name": "openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream",
"product_id": "openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"product": {
"name": "openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"product_id": "openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"product": {
"name": "openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"product_id": "openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream",
"product": {
"name": "openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream",
"product_id": "openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream",
"product": {
"name": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream",
"product_id": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream",
"product": {
"name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream",
"product_id": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream",
"product": {
"name": "openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream",
"product_id": "openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream",
"product": {
"name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream",
"product_id": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"product": {
"name": "openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"product_id": "openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"product": {
"name": "openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"product_id": "openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"product": {
"name": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"product_id": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"product": {
"name": "openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"product_id": "openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream",
"product": {
"name": "openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream",
"product_id": "openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream",
"product": {
"name": "openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream",
"product_id": "openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"product": {
"name": "openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"product_id": "openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream",
"product": {
"name": "openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream",
"product_id": "openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream",
"product": {
"name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream",
"product_id": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream",
"product": {
"name": "openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream",
"product_id": "openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream",
"product": {
"name": "openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream",
"product_id": "openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream",
"product": {
"name": "openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream",
"product_id": "openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream",
"product": {
"name": "openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream",
"product_id": "openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream",
"product": {
"name": "openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream",
"product_id": "openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream",
"product": {
"name": "openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream",
"product_id": "openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream",
"product": {
"name": "openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream",
"product_id": "openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream",
"product": {
"name": "openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream",
"product_id": "openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream",
"product": {
"name": "openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream",
"product_id": "openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream",
"product": {
"name": "openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream",
"product_id": "openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream",
"product": {
"name": "openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream",
"product_id": "openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream",
"product": {
"name": "openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream",
"product_id": "openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream",
"product": {
"name": "openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream",
"product_id": "openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream",
"product": {
"name": "openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream",
"product_id": "openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream",
"product": {
"name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream",
"product_id": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream",
"product": {
"name": "openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream",
"product_id": "openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream",
"product": {
"name": "openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream",
"product_id": "openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream",
"product": {
"name": "openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream",
"product_id": "openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream",
"product": {
"name": "openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream",
"product_id": "openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream",
"product": {
"name": "openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream",
"product_id": "openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream",
"product": {
"name": "openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream",
"product_id": "openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream",
"product": {
"name": "openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream",
"product_id": "openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream",
"product": {
"name": "openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream",
"product_id": "openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream",
"product": {
"name": "openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream",
"product_id": "openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream",
"product": {
"name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream",
"product_id": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"product": {
"name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"product_id": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"product": {
"name": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"product_id": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream",
"product": {
"name": "openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream",
"product_id": "openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"product": {
"name": "openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"product_id": "openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream",
"product": {
"name": "openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream",
"product_id": "openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"product": {
"name": "openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"product_id": "openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream",
"product": {
"name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream",
"product_id": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream",
"product": {
"name": "openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream",
"product_id": "openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream",
"product": {
"name": "openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream",
"product_id": "openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream",
"product": {
"name": "openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream",
"product_id": "openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream",
"product": {
"name": "openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream",
"product_id": "openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream",
"product": {
"name": "openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream",
"product_id": "openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"product": {
"name": "openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"product_id": "openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream",
"product": {
"name": "openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream",
"product_id": "openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"product": {
"name": "openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"product_id": "openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream",
"product": {
"name": "openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream",
"product_id": "openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"product": {
"name": "openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"product_id": "openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream",
"product": {
"name": "openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream",
"product_id": "openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream",
"product": {
"name": "openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream",
"product_id": "openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream",
"product": {
"name": "openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream",
"product_id": "openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream",
"product": {
"name": "openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream",
"product_id": "openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"product": {
"name": "openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"product_id": "openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"product": {
"name": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"product_id": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"product": {
"name": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"product_id": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream",
"product": {
"name": "openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream",
"product_id": "openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"product": {
"name": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"product_id": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"product": {
"name": "openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"product_id": "openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"product": {
"name": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"product_id": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream",
"product": {
"name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream",
"product_id": "openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream",
"product": {
"name": "openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream",
"product_id": "openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream",
"product": {
"name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream",
"product_id": "openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream"
}
},
{
"category": "product_version",
"name": "openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream",
"product": {
"name": "openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream",
"product_id": "openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream"
}
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream"
},
"product_reference": "openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream"
},
"product_reference": "openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream"
},
"product_reference": "openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream"
},
"product_reference": "openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream"
},
"product_reference": "openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream"
},
"product_reference": "openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream"
},
"product_reference": "openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream"
},
"product_reference": "openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream"
},
"product_reference": "openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream"
},
"product_reference": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream"
},
"product_reference": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream"
},
"product_reference": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream"
},
"product_reference": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream"
},
"product_reference": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream"
},
"product_reference": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream"
},
"product_reference": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream"
},
"product_reference": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream"
},
"product_reference": "openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream"
},
"product_reference": "openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream"
},
"product_reference": "openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream"
},
"product_reference": "openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream"
},
"product_reference": "openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream"
},
"product_reference": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream"
},
"product_reference": "openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream"
},
"product_reference": "openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream"
},
"product_reference": "openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream"
},
"product_reference": "openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream"
},
"product_reference": "openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream"
},
"product_reference": "openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream"
},
"product_reference": "openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream"
},
"product_reference": "openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream"
},
"product_reference": "openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream"
},
"product_reference": "openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream"
},
"product_reference": "openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream"
},
"product_reference": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream"
},
"product_reference": "openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream"
},
"product_reference": "openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream"
},
"product_reference": "openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream"
},
"product_reference": "openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream"
},
"product_reference": "openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream"
},
"product_reference": "openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream"
},
"product_reference": "openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream"
},
"product_reference": "openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream"
},
"product_reference": "openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream"
},
"product_reference": "openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream"
},
"product_reference": "openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream"
},
"product_reference": "openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream"
},
"product_reference": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream"
},
"product_reference": "openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream"
},
"product_reference": "openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1 as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1"
},
"product_reference": "openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream"
},
"product_reference": "openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream"
},
"product_reference": "openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream"
},
"product_reference": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream"
},
"product_reference": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream"
},
"product_reference": "openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream"
},
"product_reference": "openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream"
},
"product_reference": "openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream"
},
"product_reference": "openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream"
},
"product_reference": "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream"
},
"product_reference": "openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream"
},
"product_reference": "openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream"
},
"product_reference": "openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream"
},
"product_reference": "openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream"
},
"product_reference": "openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream"
},
"product_reference": "openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream"
},
"product_reference": "openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream"
},
"product_reference": "openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream"
},
"product_reference": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream"
},
"product_reference": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream"
},
"product_reference": "openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream"
},
"product_reference": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream"
},
"product_reference": "openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream"
},
"product_reference": "openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream"
},
"product_reference": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream"
},
"product_reference": "openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream"
},
"product_reference": "openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream"
},
"product_reference": "openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream"
},
"product_reference": "openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream"
},
"product_reference": "openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream"
},
"product_reference": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream"
},
"product_reference": "openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream"
},
"product_reference": "openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream"
},
"product_reference": "openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream"
},
"product_reference": "openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream"
},
"product_reference": "openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream"
},
"product_reference": "openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream"
},
"product_reference": "openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream"
},
"product_reference": "openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream"
},
"product_reference": "openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream"
},
"product_reference": "openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream"
},
"product_reference": "openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream"
},
"product_reference": "openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream"
},
"product_reference": "openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream"
},
"product_reference": "openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream"
},
"product_reference": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream"
},
"product_reference": "openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream"
},
"product_reference": "openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream"
},
"product_reference": "openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream"
},
"product_reference": "openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream"
},
"product_reference": "openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream"
},
"product_reference": "openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream"
},
"product_reference": "openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream"
},
"product_reference": "openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream"
},
"product_reference": "openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream"
},
"product_reference": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream"
},
"product_reference": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream"
},
"product_reference": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream"
},
"product_reference": "openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream"
},
"product_reference": "openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream"
},
"product_reference": "openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream"
},
"product_reference": "openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream"
},
"product_reference": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream"
},
"product_reference": "openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream"
},
"product_reference": "openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream"
},
"product_reference": "openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream"
},
"product_reference": "openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream"
},
"product_reference": "openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream"
},
"product_reference": "openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream"
},
"product_reference": "openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream"
},
"product_reference": "openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream"
},
"product_reference": "openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream"
},
"product_reference": "openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream"
},
"product_reference": "openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream"
},
"product_reference": "openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream"
},
"product_reference": "openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream"
},
"product_reference": "openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream"
},
"product_reference": "openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream"
},
"product_reference": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream"
},
"product_reference": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream"
},
"product_reference": "openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream"
},
"product_reference": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream"
},
"product_reference": "openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream"
},
"product_reference": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream"
},
"product_reference": "openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream"
},
"product_reference": "openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream"
},
"product_reference": "openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream"
},
"product_reference": "openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream",
"relates_to_product_reference": "8Base-RHOSE-4.10"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3121",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2021-01-28T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1",
"8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1",
"8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3121",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121"
},
{
"category": "external",
"summary": "CVE-2021-3121",
"url": "https://access.redhat.com/security/cve/CVE-2021-3121"
},
{
"category": "external",
"summary": "bz#1921650: CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650"
}
],
"release_date": "2021-01-11T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for moderate instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2022:0056"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-28T00:00:00Z",
"details": "Important"
}
],
"title": "CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation"
},
{
"cve": "CVE-2021-3749",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-08-31T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1",
"8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=1999784"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the nodejs axios. This flaw allows an attacker to provide crafted input to the trim function, which might cause high resources consumption and as a consequence lead to denial of service. The highest threat from this vulnerability is system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Regular expression denial of service in trim function",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1",
"8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3749",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3749"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3749",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3749"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929",
"url": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31",
"url": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31"
},
{
"category": "external",
"summary": "CVE-2021-3749",
"url": "https://access.redhat.com/security/cve/CVE-2021-3749"
},
{
"category": "external",
"summary": "bz#1999784: Regular expression denial of service in trim function",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999784"
}
],
"release_date": "2021-08-31T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for moderate instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2022:0056"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-31T00:00:00Z",
"details": "Moderate"
}
],
"title": "Regular expression denial of service in trim function"
},
{
"cve": "CVE-2021-39226",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2021-10-05T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1",
"8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=2011063"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "An authentication bypass was found in grafana. An attacker on the network is able to view and delete snapshots by accessing a literal path.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Snapshot authentication bypass",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1",
"8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-39226",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39226"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39226",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39226"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-69j6-29vr-p3j9",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-69j6-29vr-p3j9"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/",
"url": "https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/"
},
{
"category": "external",
"summary": "CVE-2021-39226",
"url": "https://access.redhat.com/security/cve/CVE-2021-39226"
},
{
"category": "external",
"summary": "bz#2011063: CVE-2021-39226 grafana: Snapshot authentication bypass",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011063"
}
],
"release_date": "2021-10-05T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for moderate instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2022:0056"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-05T00:00:00Z",
"details": "Important"
}
],
"title": "CVE-2021-39226 grafana: Snapshot authentication bypass"
},
{
"cve": "CVE-2021-41772",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2021-11-04T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1",
"8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=2020736"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "A vulnerability was found in archive/zip of the Go standard library. Applications written in Go where Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can panic when parsing a crafted ZIP archive containing completely invalid names or an empty filename argument.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Reader.Open panics on empty string",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1",
"8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41772"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0fM21h43arc",
"url": "https://groups.google.com/g/golang-announce/c/0fM21h43arc"
},
{
"category": "external",
"summary": "CVE-2021-41772",
"url": "https://access.redhat.com/security/cve/CVE-2021-41772"
},
{
"category": "external",
"summary": "bz#2020736: CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020736"
}
],
"release_date": "2021-08-30T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for moderate instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2022:0056"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-11-04T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string"
},
{
"cve": "CVE-2021-43813",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2021-12-09T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1",
"8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=2031228"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: directory traversal vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1",
"8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43813",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43813"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/",
"url": "https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/"
},
{
"category": "external",
"summary": "CVE-2021-43813",
"url": "https://access.redhat.com/security/cve/CVE-2021-43813"
},
{
"category": "external",
"summary": "bz#2031228: CVE-2021-43813 grafana: directory traversal vulnerability",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031228"
}
],
"release_date": "2021-12-10T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for moderate instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2022:0056"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-09T00:00:00Z",
"details": "Low"
}
],
"title": "CVE-2021-43813 grafana: directory traversal vulnerability"
},
{
"cve": "CVE-2021-44716",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-12-09T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: limit growth of header canonicalization cache",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1",
"8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
},
{
"category": "external",
"summary": "CVE-2021-44716",
"url": "https://access.redhat.com/security/cve/CVE-2021-44716"
},
{
"category": "external",
"summary": "bz#2030801: CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
}
],
"release_date": "2021-12-09T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for moderate instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1",
"8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2022:0056"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1",
"8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-09T00:00:00Z",
"details": "Important"
}
],
"title": "CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache"
},
{
"cve": "CVE-2021-44717",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-12-09T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "There\u0027s a flaw in golang\u0027s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: don\u0027t close fd 0 on ForkExec error",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1",
"8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
},
{
"category": "external",
"summary": "CVE-2021-44717",
"url": "https://access.redhat.com/security/cve/CVE-2021-44717"
},
{
"category": "external",
"summary": "bz#2030806: CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
}
],
"release_date": "2021-12-09T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for moderate instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1",
"8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2022:0056"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1",
"8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-09T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error"
},
{
"cve": "CVE-2022-21673",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2022-01-24T00:00:00Z",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1",
"8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla",
"text": "https://bugzilla.redhat.com/show_bug.cgi?id=2044628"
}
],
"notes": [
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
},
{
"category": "description",
"text": "An information-disclosure flaw was found in grafana. When a data source has the Forward OAuth Identity feature enabled, sending a query to that data source with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This flaw allows API token holders to retrieve data to which they may not be authorized.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Forward OAuth Identity Token can allow users to access some data sources",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream"
],
"known_not_affected": [
"8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1",
"8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream",
"8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream"
]
},
"references": [
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21673",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21673"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/",
"url": "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/"
},
{
"category": "external",
"summary": "CVE-2022-21673",
"url": "https://access.redhat.com/security/cve/CVE-2022-21673"
},
{
"category": "external",
"summary": "bz#2044628: CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044628"
}
],
"release_date": "2022-01-18T00:00:00Z",
"remediations": [
{
"category": "vendor_fix",
"details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for moderate instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream"
],
"url": "https://access.redhat.com/errata/RHSA-2022:0056"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-24T00:00:00Z",
"details": "Moderate"
}
],
"title": "CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources"
}
]
}
rhsa-2022_6024
Vulnerability from csaf_redhat
Published
2022-08-09 20:31
Modified
2024-09-18 05:56
Summary
Red Hat Security Advisory: New container image for Red Hat Ceph Storage 5.2 Security update
Notes
Topic
A new container image for Red Hat Ceph Storage 5.2 is now available in the Red Hat Ecosystem Catalog.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Ceph Storage is a scalable, open, software-defined storage platform
that combines the most stable version of the Ceph storage system with a
Ceph management platform, deployment utilities, and support services.
This new container image is based on Red Hat Ceph Storage 5.2 and Red Hat
Enterprise Linux 8.6 and Red Hat Enterprise Linux 9.
Space precludes documenting all of these changes in this advisory. Users
are directed to the Red Hat Ceph Storage Release Notes for information on
the most significant of these changes:
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.2/html-single/release_notes/index
All users of Red Hat Ceph Storage are advised to pull these new images from
the Red Hat Ecosystem catalog, which provides numerous enhancements and bug
fixes.
Security Fix(es):
* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)
* grafana: directory traversal vulnerability (CVE-2021-43813)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new container image for Red Hat Ceph Storage 5.2 is now available in the Red Hat Ecosystem Catalog.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ceph Storage is a scalable, open, software-defined storage platform\nthat combines the most stable version of the Ceph storage system with a\nCeph management platform, deployment utilities, and support services.\n\nThis new container image is based on Red Hat Ceph Storage 5.2 and Red Hat\nEnterprise Linux 8.6 and Red Hat Enterprise Linux 9.\n\nSpace precludes documenting all of these changes in this advisory. Users\nare directed to the Red Hat Ceph Storage Release Notes for information on\nthe most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.2/html-single/release_notes/index\n\nAll users of Red Hat Ceph Storage are advised to pull these new images from\nthe Red Hat Ecosystem catalog, which provides numerous enhancements and bug\nfixes.\n\nSecurity Fix(es):\n\n* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)\n\n* grafana: directory traversal vulnerability (CVE-2021-43813)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:6024",
"url": "https://access.redhat.com/errata/RHSA-2022:6024"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2031228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031228"
},
{
"category": "external",
"summary": "2044628",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044628"
},
{
"category": "external",
"summary": "2115198",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115198"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_6024.json"
}
],
"title": "Red Hat Security Advisory: New container image for Red Hat Ceph Storage 5.2 Security update",
"tracking": {
"current_release_date": "2024-09-18T05:56:00+00:00",
"generator": {
"date": "2024-09-18T05:56:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2022:6024",
"initial_release_date": "2022-08-09T20:31:48+00:00",
"revision_history": [
{
"date": "2022-08-09T20:31:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-08-09T20:31:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-18T05:56:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 5.2 Tools",
"product": {
"name": "Red Hat Ceph Storage 5.2 Tools",
"product_id": "8Base-RHCEPH-5.2-Tools",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:5.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x",
"product": {
"name": "rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x",
"product_id": "rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-5-dashboard-rhel8\u0026tag=5-56"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x",
"product": {
"name": "rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x",
"product_id": "rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel8\u0026tag=2.1.5-16"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x",
"product": {
"name": "rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x",
"product_id": "rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-5-rhel8\u0026tag=5-268"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x",
"product": {
"name": "rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x",
"product_id": "rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel8\u0026tag=2.2.19-9"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x",
"product": {
"name": "rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x",
"product_id": "rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel8\u0026tag=1.2.1-16"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le",
"product": {
"name": "rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le",
"product_id": "rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-5-dashboard-rhel8\u0026tag=5-56"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le",
"product": {
"name": "rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le",
"product_id": "rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel8\u0026tag=2.1.5-16"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le",
"product": {
"name": "rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le",
"product_id": "rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-5-rhel8\u0026tag=5-268"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le",
"product": {
"name": "rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le",
"product_id": "rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel8\u0026tag=2.2.19-9"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le",
"product": {
"name": "rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le",
"product_id": "rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel8\u0026tag=1.2.1-16"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64",
"product": {
"name": "rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64",
"product_id": "rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-5-dashboard-rhel8\u0026tag=5-56"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64",
"product": {
"name": "rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64",
"product_id": "rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel8\u0026tag=2.1.5-16"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64",
"product": {
"name": "rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64",
"product_id": "rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-5-rhel8\u0026tag=5-268"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64",
"product": {
"name": "rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64",
"product_id": "rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel8\u0026tag=2.2.19-9"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64",
"product": {
"name": "rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64",
"product_id": "rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel8\u0026tag=1.2.1-16"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x as a component of Red Hat Ceph Storage 5.2 Tools",
"product_id": "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x"
},
"product_reference": "rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x",
"relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le as a component of Red Hat Ceph Storage 5.2 Tools",
"product_id": "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le"
},
"product_reference": "rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le",
"relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64 as a component of Red Hat Ceph Storage 5.2 Tools",
"product_id": "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64"
},
"product_reference": "rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64",
"relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64 as a component of Red Hat Ceph Storage 5.2 Tools",
"product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64"
},
"product_reference": "rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64",
"relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le as a component of Red Hat Ceph Storage 5.2 Tools",
"product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le"
},
"product_reference": "rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le",
"relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x as a component of Red Hat Ceph Storage 5.2 Tools",
"product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x"
},
"product_reference": "rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x",
"relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64 as a component of Red Hat Ceph Storage 5.2 Tools",
"product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64"
},
"product_reference": "rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64",
"relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x as a component of Red Hat Ceph Storage 5.2 Tools",
"product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x"
},
"product_reference": "rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x",
"relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le as a component of Red Hat Ceph Storage 5.2 Tools",
"product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le"
},
"product_reference": "rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le",
"relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x as a component of Red Hat Ceph Storage 5.2 Tools",
"product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x"
},
"product_reference": "rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x",
"relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le as a component of Red Hat Ceph Storage 5.2 Tools",
"product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le"
},
"product_reference": "rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le",
"relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64 as a component of Red Hat Ceph Storage 5.2 Tools",
"product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64"
},
"product_reference": "rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64",
"relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x as a component of Red Hat Ceph Storage 5.2 Tools",
"product_id": "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x"
},
"product_reference": "rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x",
"relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64 as a component of Red Hat Ceph Storage 5.2 Tools",
"product_id": "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64"
},
"product_reference": "rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64",
"relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le as a component of Red Hat Ceph Storage 5.2 Tools",
"product_id": "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le"
},
"product_reference": "rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le",
"relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-43813",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x",
"8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le",
"8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64",
"8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x",
"8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64",
"8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2031228"
}
],
"notes": [
{
"category": "description",
"text": "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x"
],
"known_not_affected": [
"8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x",
"8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le",
"8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64",
"8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x",
"8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64",
"8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43813"
},
{
"category": "external",
"summary": "RHBZ#2031228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031228"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43813",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43813"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/",
"url": "https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/"
}
],
"release_date": "2021-12-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6024"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "grafana: directory traversal vulnerability"
},
{
"cve": "CVE-2022-21673",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2022-01-24T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x",
"8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le",
"8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64",
"8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x",
"8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64",
"8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044628"
}
],
"notes": [
{
"category": "description",
"text": "An information-disclosure flaw was found in grafana. When a data source has the Forward OAuth Identity feature enabled, sending a query to that data source with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This flaw allows API token holders to retrieve data to which they may not be authorized.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Forward OAuth Identity Token can allow users to access some data sources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x"
],
"known_not_affected": [
"8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x",
"8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le",
"8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64",
"8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x",
"8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64",
"8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21673"
},
{
"category": "external",
"summary": "RHBZ#2044628",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044628"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21673",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21673"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/",
"url": "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/"
}
],
"release_date": "2022-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6024"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le",
"8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: Forward OAuth Identity Token can allow users to access some data sources"
}
]
}
rhsa-2022_8057
Vulnerability from csaf_redhat
Published
2022-11-15 10:31
Modified
2024-09-18 05:55
Summary
Red Hat Security Advisory: grafana security, bug fix, and enhancement update
Notes
Topic
An update for grafana is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
The following packages have been upgraded to a later upstream version: grafana (7.5.15). (BZ#2055349)
Security Fix(es):
* sanitize-url: XSS due to improper sanitization in sanitizeUrl function (CVE-2021-23648)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
* grafana: XSS vulnerability in data source handling (CVE-2022-21702)
* grafana: CSRF vulnerability can lead to privilege escalation (CVE-2022-21703)
* grafana: IDOR vulnerability can lead to information disclosure (CVE-2022-21713)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grafana is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB. \n\nThe following packages have been upgraded to a later upstream version: grafana (7.5.15). (BZ#2055349)\n\nSecurity Fix(es):\n\n* sanitize-url: XSS due to improper sanitization in sanitizeUrl function (CVE-2021-23648)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* grafana: XSS vulnerability in data source handling (CVE-2022-21702)\n\n* grafana: CSRF vulnerability can lead to privilege escalation (CVE-2022-21703)\n\n* grafana: IDOR vulnerability can lead to information disclosure (CVE-2022-21713)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8057",
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index"
},
{
"category": "external",
"summary": "2044628",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044628"
},
{
"category": "external",
"summary": "2045880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
},
{
"category": "external",
"summary": "2050648",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050648"
},
{
"category": "external",
"summary": "2050742",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050742"
},
{
"category": "external",
"summary": "2050743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050743"
},
{
"category": "external",
"summary": "2055349",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055349"
},
{
"category": "external",
"summary": "2065290",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065290"
},
{
"category": "external",
"summary": "2104367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104367"
},
{
"category": "external",
"summary": "2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_8057.json"
}
],
"title": "Red Hat Security Advisory: grafana security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-09-18T05:55:24+00:00",
"generator": {
"date": "2024-09-18T05:55:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2022:8057",
"initial_release_date": "2022-11-15T10:31:43+00:00",
"revision_history": [
{
"date": "2022-11-15T10:31:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-15T10:31:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-18T05:55:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.15-3.el9.src",
"product": {
"name": "grafana-0:7.5.15-3.el9.src",
"product_id": "grafana-0:7.5.15-3.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.15-3.el9.aarch64",
"product": {
"name": "grafana-0:7.5.15-3.el9.aarch64",
"product_id": "grafana-0:7.5.15-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"product": {
"name": "grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"product_id": "grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.15-3.el9.ppc64le",
"product": {
"name": "grafana-0:7.5.15-3.el9.ppc64le",
"product_id": "grafana-0:7.5.15-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"product": {
"name": "grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"product_id": "grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.15-3.el9.x86_64",
"product": {
"name": "grafana-0:7.5.15-3.el9.x86_64",
"product_id": "grafana-0:7.5.15-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.5.15-3.el9.x86_64",
"product": {
"name": "grafana-debuginfo-0:7.5.15-3.el9.x86_64",
"product_id": "grafana-debuginfo-0:7.5.15-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.15-3.el9.s390x",
"product": {
"name": "grafana-0:7.5.15-3.el9.s390x",
"product_id": "grafana-0:7.5.15-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.5.15-3.el9.s390x",
"product": {
"name": "grafana-debuginfo-0:7.5.15-3.el9.s390x",
"product_id": "grafana-debuginfo-0:7.5.15-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.15-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64"
},
"product_reference": "grafana-0:7.5.15-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.15-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le"
},
"product_reference": "grafana-0:7.5.15-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.15-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x"
},
"product_reference": "grafana-0:7.5.15-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.15-3.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src"
},
"product_reference": "grafana-0:7.5.15-3.el9.src",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.15-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64"
},
"product_reference": "grafana-0:7.5.15-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.5.15-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64"
},
"product_reference": "grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.5.15-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le"
},
"product_reference": "grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.5.15-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x"
},
"product_reference": "grafana-debuginfo-0:7.5.15-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.5.15-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
},
"product_reference": "grafana-debuginfo-0:7.5.15-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23648",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-03-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2065290"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in sanitize-url due to improper sanitization in the sanitizeUrl function. This issue causes vulnerability to Cross-site Scripting in sanitize-url.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sanitize-url: XSS due to improper sanitization in sanitizeUrl function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23648"
},
{
"category": "external",
"summary": "RHBZ#2065290",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065290"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23648",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23648"
},
{
"category": "external",
"summary": "https://github.com/braintree/sanitize-url/pull/40",
"url": "https://github.com/braintree/sanitize-url/pull/40"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882",
"url": "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882"
}
],
"release_date": "2022-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "sanitize-url: XSS due to improper sanitization in sanitizeUrl function"
},
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"cve": "CVE-2022-1962",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: go/parser: stack exhaustion in all Parse* functions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1962"
},
{
"category": "external",
"summary": "RHBZ#2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962"
},
{
"category": "external",
"summary": "https://go.dev/issue/53616",
"url": "https://go.dev/issue/53616"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: go/parser: stack exhaustion in all Parse* functions"
},
{
"cve": "CVE-2022-21673",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2022-01-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044628"
}
],
"notes": [
{
"category": "description",
"text": "An information-disclosure flaw was found in grafana. When a data source has the Forward OAuth Identity feature enabled, sending a query to that data source with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This flaw allows API token holders to retrieve data to which they may not be authorized.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Forward OAuth Identity Token can allow users to access some data sources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21673"
},
{
"category": "external",
"summary": "RHBZ#2044628",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044628"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21673",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21673"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/",
"url": "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/"
}
],
"release_date": "2022-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: Forward OAuth Identity Token can allow users to access some data sources"
},
{
"cve": "CVE-2022-21698",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2022-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2045880"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream\u0027s (the Prometheus project) impact rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21698"
},
{
"category": "external",
"summary": "RHBZ#2045880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698"
},
{
"category": "external",
"summary": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p",
"url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter"
},
{
"cve": "CVE-2022-21702",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050648"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability was found in the way Grafana handles data sources. This flaw allows an attacker to serve HTML content through the Grafana data source or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site scripting (XSS) attack. Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to other data sources connected to the same Grafana org.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: XSS vulnerability in data source handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21702"
},
{
"category": "external",
"summary": "RHBZ#2050648",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050648"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21702",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21702"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21702",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21702"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/",
"url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/"
}
],
"release_date": "2022-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
},
{
"category": "workaround",
"details": "Please refer to the Grafana upstream advisory for possible workarounds for this issue.",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: XSS vulnerability in data source handling"
},
{
"cve": "CVE-2022-21703",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2022-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050742"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site request forgery (CSRF) vulnerability was found in Grafana. This flaw allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, editors or admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: CSRF vulnerability can lead to privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21703"
},
{
"category": "external",
"summary": "RHBZ#2050742",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050742"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21703"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21703",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21703"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/",
"url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/"
}
],
"release_date": "2022-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
},
{
"category": "workaround",
"details": "Please refer to the Grafana upstream advisory for possible workarounds for this issue.",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: CSRF vulnerability can lead to privilege escalation"
},
{
"cve": "CVE-2022-21713",
"cwe": {
"id": "CWE-425",
"name": "Direct Request (\u0027Forced Browsing\u0027)"
},
"discovery_date": "2022-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050743"
}
],
"notes": [
{
"category": "description",
"text": "An Insecure Direct Object Reference (IDOR) vulnerability was found on Grafana Teams APIs. This flaw impacts the `/teams/:teamId`, `/teams/:search`, `/teams/:teamId/members` API endpoints and may allow an authenticated attacker to view unintended data by querying for the specific team ID or search for teams and see the total number of available teams (including teams that the user does not have access to).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: IDOR vulnerability can lead to information disclosure",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21713"
},
{
"category": "external",
"summary": "RHBZ#2050743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21713",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21713"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21713",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21713"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/",
"url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/"
}
],
"release_date": "2022-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: IDOR vulnerability can lead to information disclosure"
},
{
"cve": "CVE-2022-28131",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Decoder.Skip",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28131"
},
{
"category": "external",
"summary": "RHBZ#2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131"
},
{
"category": "external",
"summary": "https://go.dev/issue/53614",
"url": "https://go.dev/issue/53614"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Decoder.Skip"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30631",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: compress/gzip: stack exhaustion in Reader.Read",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30631"
},
{
"category": "external",
"summary": "RHBZ#2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
},
{
"category": "external",
"summary": "https://go.dev/issue/53168",
"url": "https://go.dev/issue/53168"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: compress/gzip: stack exhaustion in Reader.Read"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30633",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Unmarshal",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30633"
},
{
"category": "external",
"summary": "RHBZ#2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633"
},
{
"category": "external",
"summary": "https://go.dev/issue/53611",
"url": "https://go.dev/issue/53611"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Unmarshal"
},
{
"cve": "CVE-2022-30635",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"category": "external",
"summary": "RHBZ#2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
},
{
"category": "external",
"summary": "https://go.dev/issue/53615",
"url": "https://go.dev/issue/53615"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
},
{
"cve": "CVE-2022-32148",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32148"
},
{
"category": "external",
"summary": "RHBZ#2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
},
{
"category": "external",
"summary": "https://go.dev/issue/53423",
"url": "https://go.dev/issue/53423"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
}
]
}
rhsa-2022_7519
Vulnerability from csaf_redhat
Published
2022-11-08 09:34
Modified
2024-09-18 05:55
Summary
Red Hat Security Advisory: grafana security, bug fix, and enhancement update
Notes
Topic
An update for grafana is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
The following packages have been upgraded to a later upstream version: grafana (7.5.15). (BZ#2055348)
Security Fix(es):
* sanitize-url: XSS due to improper sanitization in sanitizeUrl function (CVE-2021-23648)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
* grafana: XSS vulnerability in data source handling (CVE-2022-21702)
* grafana: CSRF vulnerability can lead to privilege escalation (CVE-2022-21703)
* grafana: IDOR vulnerability can lead to information disclosure (CVE-2022-21713)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grafana is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB. \n\nThe following packages have been upgraded to a later upstream version: grafana (7.5.15). (BZ#2055348)\n\nSecurity Fix(es):\n\n* sanitize-url: XSS due to improper sanitization in sanitizeUrl function (CVE-2021-23648)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* grafana: XSS vulnerability in data source handling (CVE-2022-21702)\n\n* grafana: CSRF vulnerability can lead to privilege escalation (CVE-2022-21703)\n\n* grafana: IDOR vulnerability can lead to information disclosure (CVE-2022-21713)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:7519",
"url": "https://access.redhat.com/errata/RHSA-2022:7519"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index"
},
{
"category": "external",
"summary": "2044628",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044628"
},
{
"category": "external",
"summary": "2045880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
},
{
"category": "external",
"summary": "2050648",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050648"
},
{
"category": "external",
"summary": "2050742",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050742"
},
{
"category": "external",
"summary": "2050743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050743"
},
{
"category": "external",
"summary": "2055348",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055348"
},
{
"category": "external",
"summary": "2065290",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065290"
},
{
"category": "external",
"summary": "2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_7519.json"
}
],
"title": "Red Hat Security Advisory: grafana security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-09-18T05:55:07+00:00",
"generator": {
"date": "2024-09-18T05:55:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2022:7519",
"initial_release_date": "2022-11-08T09:34:04+00:00",
"revision_history": [
{
"date": "2022-11-08T09:34:04+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-08T09:34:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-18T05:55:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.15-3.el8.src",
"product": {
"name": "grafana-0:7.5.15-3.el8.src",
"product_id": "grafana-0:7.5.15-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.15-3.el8.aarch64",
"product": {
"name": "grafana-0:7.5.15-3.el8.aarch64",
"product_id": "grafana-0:7.5.15-3.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"product": {
"name": "grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"product_id": "grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.15-3.el8.ppc64le",
"product": {
"name": "grafana-0:7.5.15-3.el8.ppc64le",
"product_id": "grafana-0:7.5.15-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"product": {
"name": "grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"product_id": "grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.15-3.el8.x86_64",
"product": {
"name": "grafana-0:7.5.15-3.el8.x86_64",
"product_id": "grafana-0:7.5.15-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.5.15-3.el8.x86_64",
"product": {
"name": "grafana-debuginfo-0:7.5.15-3.el8.x86_64",
"product_id": "grafana-debuginfo-0:7.5.15-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.15-3.el8.s390x",
"product": {
"name": "grafana-0:7.5.15-3.el8.s390x",
"product_id": "grafana-0:7.5.15-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.5.15-3.el8.s390x",
"product": {
"name": "grafana-debuginfo-0:7.5.15-3.el8.s390x",
"product_id": "grafana-debuginfo-0:7.5.15-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.15-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64"
},
"product_reference": "grafana-0:7.5.15-3.el8.aarch64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.15-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le"
},
"product_reference": "grafana-0:7.5.15-3.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.15-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x"
},
"product_reference": "grafana-0:7.5.15-3.el8.s390x",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.15-3.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src"
},
"product_reference": "grafana-0:7.5.15-3.el8.src",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.15-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64"
},
"product_reference": "grafana-0:7.5.15-3.el8.x86_64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.5.15-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64"
},
"product_reference": "grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.5.15-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le"
},
"product_reference": "grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.5.15-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x"
},
"product_reference": "grafana-debuginfo-0:7.5.15-3.el8.s390x",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.5.15-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
},
"product_reference": "grafana-debuginfo-0:7.5.15-3.el8.x86_64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23648",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-03-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2065290"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in sanitize-url due to improper sanitization in the sanitizeUrl function. This issue causes vulnerability to Cross-site Scripting in sanitize-url.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sanitize-url: XSS due to improper sanitization in sanitizeUrl function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23648"
},
{
"category": "external",
"summary": "RHBZ#2065290",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065290"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23648",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23648"
},
{
"category": "external",
"summary": "https://github.com/braintree/sanitize-url/pull/40",
"url": "https://github.com/braintree/sanitize-url/pull/40"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882",
"url": "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882"
}
],
"release_date": "2022-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7519"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "sanitize-url: XSS due to improper sanitization in sanitizeUrl function"
},
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7519"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"cve": "CVE-2022-1962",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: go/parser: stack exhaustion in all Parse* functions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1962"
},
{
"category": "external",
"summary": "RHBZ#2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962"
},
{
"category": "external",
"summary": "https://go.dev/issue/53616",
"url": "https://go.dev/issue/53616"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7519"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: go/parser: stack exhaustion in all Parse* functions"
},
{
"cve": "CVE-2022-21673",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2022-01-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044628"
}
],
"notes": [
{
"category": "description",
"text": "An information-disclosure flaw was found in grafana. When a data source has the Forward OAuth Identity feature enabled, sending a query to that data source with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This flaw allows API token holders to retrieve data to which they may not be authorized.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Forward OAuth Identity Token can allow users to access some data sources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21673"
},
{
"category": "external",
"summary": "RHBZ#2044628",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044628"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21673",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21673"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/",
"url": "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/"
}
],
"release_date": "2022-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7519"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: Forward OAuth Identity Token can allow users to access some data sources"
},
{
"cve": "CVE-2022-21698",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2022-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2045880"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream\u0027s (the Prometheus project) impact rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21698"
},
{
"category": "external",
"summary": "RHBZ#2045880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698"
},
{
"category": "external",
"summary": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p",
"url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7519"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter"
},
{
"cve": "CVE-2022-21702",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050648"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability was found in the way Grafana handles data sources. This flaw allows an attacker to serve HTML content through the Grafana data source or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site scripting (XSS) attack. Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to other data sources connected to the same Grafana org.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: XSS vulnerability in data source handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21702"
},
{
"category": "external",
"summary": "RHBZ#2050648",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050648"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21702",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21702"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21702",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21702"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/",
"url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/"
}
],
"release_date": "2022-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7519"
},
{
"category": "workaround",
"details": "Please refer to the Grafana upstream advisory for possible workarounds for this issue.",
"product_ids": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: XSS vulnerability in data source handling"
},
{
"cve": "CVE-2022-21703",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2022-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050742"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site request forgery (CSRF) vulnerability was found in Grafana. This flaw allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, editors or admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: CSRF vulnerability can lead to privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21703"
},
{
"category": "external",
"summary": "RHBZ#2050742",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050742"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21703"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21703",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21703"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/",
"url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/"
}
],
"release_date": "2022-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7519"
},
{
"category": "workaround",
"details": "Please refer to the Grafana upstream advisory for possible workarounds for this issue.",
"product_ids": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: CSRF vulnerability can lead to privilege escalation"
},
{
"cve": "CVE-2022-21713",
"cwe": {
"id": "CWE-425",
"name": "Direct Request (\u0027Forced Browsing\u0027)"
},
"discovery_date": "2022-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050743"
}
],
"notes": [
{
"category": "description",
"text": "An Insecure Direct Object Reference (IDOR) vulnerability was found on Grafana Teams APIs. This flaw impacts the `/teams/:teamId`, `/teams/:search`, `/teams/:teamId/members` API endpoints and may allow an authenticated attacker to view unintended data by querying for the specific team ID or search for teams and see the total number of available teams (including teams that the user does not have access to).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: IDOR vulnerability can lead to information disclosure",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21713"
},
{
"category": "external",
"summary": "RHBZ#2050743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21713",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21713"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21713",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21713"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/",
"url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/"
}
],
"release_date": "2022-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7519"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: IDOR vulnerability can lead to information disclosure"
},
{
"cve": "CVE-2022-28131",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Decoder.Skip",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28131"
},
{
"category": "external",
"summary": "RHBZ#2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131"
},
{
"category": "external",
"summary": "https://go.dev/issue/53614",
"url": "https://go.dev/issue/53614"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7519"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Decoder.Skip"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7519"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30631",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: compress/gzip: stack exhaustion in Reader.Read",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30631"
},
{
"category": "external",
"summary": "RHBZ#2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
},
{
"category": "external",
"summary": "https://go.dev/issue/53168",
"url": "https://go.dev/issue/53168"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7519"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: compress/gzip: stack exhaustion in Reader.Read"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7519"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30633",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Unmarshal",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30633"
},
{
"category": "external",
"summary": "RHBZ#2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633"
},
{
"category": "external",
"summary": "https://go.dev/issue/53611",
"url": "https://go.dev/issue/53611"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7519"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Unmarshal"
},
{
"cve": "CVE-2022-30635",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"category": "external",
"summary": "RHBZ#2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
},
{
"category": "external",
"summary": "https://go.dev/issue/53615",
"url": "https://go.dev/issue/53615"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7519"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
},
{
"cve": "CVE-2022-32148",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32148"
},
{
"category": "external",
"summary": "RHBZ#2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
},
{
"category": "external",
"summary": "https://go.dev/issue/53423",
"url": "https://go.dev/issue/53423"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7519"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src",
"AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x",
"AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
}
]
}
wid-sec-w-2022-0406
Vulnerability from csaf_certbund
Published
2022-01-18 23:00
Modified
2024-01-23 23:00
Summary
Grafana: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Grafana ist eine Open-Source Analyse- und Visualisierungssoftware.
Angriff
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Grafana ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Grafana ist eine Open-Source Analyse- und Visualisierungssoftware.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Grafana ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0406 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0406.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0406 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0406"
},
{
"category": "external",
"summary": "Grafana 8.3.4 and 7.5.13 released vom 2022-01-18",
"url": "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:0751-1 vom 2022-03-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010387.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0056 vom 2022-03-10",
"url": "https://access.redhat.com/errata/RHSA-2022:0056"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:1396-1 vom 2022-04-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010822.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2134-1 vom 2022-06-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011316.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6024 vom 2022-08-10",
"url": "https://access.redhat.com/errata/RHSA-2022:6024"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3676-1 vom 2022-10-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012594.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7519 vom 2022-11-08",
"url": "https://access.redhat.com/errata/RHSA-2022:7519"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8057 vom 2022-11-15",
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0191-1 vom 2024-01-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017744.html"
}
],
"source_lang": "en-US",
"title": "Grafana: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2024-01-23T23:00:00.000+00:00",
"generator": {
"date": "2024-02-15T16:49:29.785+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2022-0406",
"initial_release_date": "2022-01-18T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-01-18T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-03-08T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-03-10T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-04-10T22:00:00.000+00:00",
"number": "4",
"summary": "Referenz(en) aufgenommen: FEDORA-2022-C5383675D9, FEDORA-2022-9DD03CAB55, FEDORA-2022-83405F9D5B"
},
{
"date": "2022-04-25T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-06-20T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-08-09T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-10-20T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-11-08T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-11-15T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-23T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "11"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Open Source Grafana \u003c 7.5.13",
"product": {
"name": "Open Source Grafana \u003c 7.5.13",
"product_id": "T021766",
"product_identification_helper": {
"cpe": "cpe:/a:grafana:grafana:7.5.13"
}
}
},
{
"category": "product_name",
"name": "Open Source Grafana \u003c 8.3.4",
"product": {
"name": "Open Source Grafana \u003c 8.3.4",
"product_id": "T021767",
"product_identification_helper": {
"cpe": "cpe:/a:grafana:grafana:8.3.4"
}
}
}
],
"category": "product_name",
"name": "Grafana"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-21673",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Grafana im Zusammenhang mit OAuth Access Tokens und API Keys. Wenn die \"OAuth-Weiterleitung f\u00fcr Datenquellen\" aktiviert ist, leitet Grafana das OAuth Access Token des zuletzt angemeldeten Benutzers weiter, anstatt das bereitgestellte API-Token. Ein Angreifer kann dies ausnutzen, um Sicherheitsmechanismen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T002207",
"67646"
]
},
"release_date": "2022-01-18T23:00:00Z",
"title": "CVE-2022-21673"
}
]
}
gsd-2022-21673
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-21673",
"description": "Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4.",
"id": "GSD-2022-21673",
"references": [
"https://www.suse.com/security/cve/CVE-2022-21673.html",
"https://access.redhat.com/errata/RHSA-2022:0056",
"https://access.redhat.com/errata/RHSA-2022:6024",
"https://access.redhat.com/errata/RHSA-2022:7519",
"https://access.redhat.com/errata/RHSA-2022:8057"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-21673"
],
"details": "Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4.",
"id": "GSD-2022-21673",
"modified": "2023-12-13T01:19:14.580586Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21673",
"STATE": "PUBLIC",
"TITLE": "OAuth Identity Token exposure in Grafana"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "grafana",
"version": {
"version_data": [
{
"version_value": "\u003e= 7.2.0, \u003c 7.5.13"
},
{
"version_value": "\u003e= 8.0.0, \u003c 8.3.4"
}
]
}
}
]
},
"vendor_name": "grafana"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4",
"refsource": "CONFIRM",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4"
},
{
"name": "https://github.com/grafana/grafana/releases/tag/v7.5.13",
"refsource": "MISC",
"url": "https://github.com/grafana/grafana/releases/tag/v7.5.13"
},
{
"name": "https://github.com/grafana/grafana/releases/tag/v8.3.4",
"refsource": "MISC",
"url": "https://github.com/grafana/grafana/releases/tag/v8.3.4"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220303-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220303-0004/"
},
{
"name": "FEDORA-2022-83405f9d5b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/"
},
{
"name": "FEDORA-2022-9dd03cab55",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/"
},
{
"name": "FEDORA-2022-c5383675d9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/"
}
]
},
"source": {
"advisory": "GHSA-8wjh-59cw-9xh4",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3.4",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.5.13",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21673"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4"
},
{
"name": "https://github.com/grafana/grafana/releases/tag/v8.3.4",
"refsource": "MISC",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/grafana/grafana/releases/tag/v8.3.4"
},
{
"name": "https://github.com/grafana/grafana/releases/tag/v7.5.13",
"refsource": "MISC",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/grafana/grafana/releases/tag/v7.5.13"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220303-0004/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220303-0004/"
},
{
"name": "FEDORA-2022-83405f9d5b",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/"
},
{
"name": "FEDORA-2022-9dd03cab55",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/"
},
{
"name": "FEDORA-2022-c5383675d9",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
},
"lastModifiedDate": "2023-07-24T13:54Z",
"publishedDate": "2022-01-18T22:15Z"
}
}
}
Loading...