Action not permitted
Modal body text goes here.
cve-2022-21673
Vulnerability from cvelistv5
Published
2022-01-18 21:35
Modified
2024-08-03 02:46
Severity
Summary
OAuth Identity Token exposure in Grafana
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:46:39.413Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/grafana/grafana/releases/tag/v7.5.13" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/grafana/grafana/releases/tag/v8.3.4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220303-0004/" }, { "name": "FEDORA-2022-83405f9d5b", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/" }, { "name": "FEDORA-2022-9dd03cab55", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/" }, { "name": "FEDORA-2022-c5383675d9", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "grafana", "vendor": "grafana", "versions": [ { "status": "affected", "version": "\u003e= 7.2.0, \u003c 7.5.13" }, { "status": "affected", "version": "\u003e= 8.0.0, \u003c 8.3.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-07T07:06:34", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/grafana/grafana/releases/tag/v7.5.13" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/grafana/grafana/releases/tag/v8.3.4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220303-0004/" }, { "name": "FEDORA-2022-83405f9d5b", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/" }, { "name": "FEDORA-2022-9dd03cab55", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/" }, { "name": "FEDORA-2022-c5383675d9", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/" } ], "source": { "advisory": "GHSA-8wjh-59cw-9xh4", "discovery": "UNKNOWN" }, "title": "OAuth Identity Token exposure in Grafana", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-21673", "STATE": "PUBLIC", "TITLE": "OAuth Identity Token exposure in Grafana" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "grafana", "version": { "version_data": [ { "version_value": "\u003e= 7.2.0, \u003c 7.5.13" }, { "version_value": "\u003e= 8.0.0, \u003c 8.3.4" } ] } } ] }, "vendor_name": "grafana" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4", "refsource": "CONFIRM", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4" }, { "name": "https://github.com/grafana/grafana/releases/tag/v7.5.13", "refsource": "MISC", "url": "https://github.com/grafana/grafana/releases/tag/v7.5.13" }, { "name": "https://github.com/grafana/grafana/releases/tag/v8.3.4", "refsource": "MISC", "url": "https://github.com/grafana/grafana/releases/tag/v8.3.4" }, { "name": "https://security.netapp.com/advisory/ntap-20220303-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220303-0004/" }, { "name": "FEDORA-2022-83405f9d5b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/" }, { "name": "FEDORA-2022-9dd03cab55", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/" }, { "name": "FEDORA-2022-c5383675d9", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/" } ] }, "source": { "advisory": "GHSA-8wjh-59cw-9xh4", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-21673", "datePublished": "2022-01-18T21:35:10", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-03T02:46:39.413Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-21673\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-01-18T22:15:07.873\",\"lastModified\":\"2023-11-07T03:43:40.340\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4.\"},{\"lang\":\"es\",\"value\":\"Grafana es una plataforma de c\u00f3digo abierto para la monitorizaci\u00f3n y la observabilidad. En las versiones afectadas, cuando una fuente de datos tiene habilitada la funcionalidad Forward OAuth Identity, el env\u00edo de una consulta a esa fuente de datos con un token de API (y sin otras credenciales de usuario) reenviar\u00e1 la OAuth Identity del usuario que haya iniciado sesi\u00f3n m\u00e1s recientemente. Esto puede permitir a poseedores de tokens de API recuperar datos a los que no presentan acceso previsto. Este ataque depende de que la instancia de Grafana tenga fuentes de datos que soporten la funcionalidad Forward OAuth Identity, de que la instancia de Grafana tenga una fuente de datos con la funci\u00f3n Forward OAuth Identity activada, de que la instancia de Grafana tenga OAuth habilitado y de que la instancia de Grafana tenga claves de API usables. Este problema ha sido corregido en las versiones 7.5.13 y 8.3.4\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":3.5},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.0\",\"versionEndExcluding\":\"7.5.13\",\"matchCriteriaId\":\"DB832562-836C-4E18-8086-1260790CD2EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.3.4\",\"matchCriteriaId\":\"4FE88214-73A3-43A6-9858-F8CDE027D1FA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}],\"references\":[{\"url\":\"https://github.com/grafana/grafana/releases/tag/v7.5.13\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/grafana/grafana/releases/tag/v8.3.4\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20220303-0004/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
rhsa-2022_0056
Vulnerability from csaf_redhat
Published
2022-03-10 16:00
Modified
2022-12-21 16:23
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.10.3 security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.10.3 is now available with
updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.10.3. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHSA-2022:0055
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html
Security Fix(es):
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
* grafana: Snapshot authentication bypass (CVE-2021-39226)
* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)
* grafana: directory traversal vulnerability (CVE-2021-43813)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
You may download the oc tool and use it to inspect release image metadata
as follows:
(For x86_64 architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.10.3-x86_64
The image digest is
sha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56
(For s390x architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.10.3-s390x
The image digest is
sha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69
(For ppc64le architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le
The image digest is
sha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c
All OpenShift Container Platform 4.10 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 2023 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.10.3 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.10.3. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2022:0055\n\nSpace precludes documenting all of the container images in this advisory.\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n* grafana: Snapshot authentication bypass (CVE-2021-39226)\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n* nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)\n* grafana: directory traversal vulnerability (CVE-2021-43813)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-x86_64\n\nThe image digest is\nsha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-s390x\n\nThe image digest is\nsha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le\n\nThe image digest is\nsha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c\n\nAll OpenShift Container Platform 4.10 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0056", "url": "https://access.redhat.com/errata/RHSA-2022:0056" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_0056.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.10.3 security update", "tracking": { "current_release_date": "2022-12-21T16:23:00Z", "generator": { "date": "2023-07-01T05:24:00Z", "engine": { "name": "Red Hat SDEngine", "version": "3.18.0" } }, "id": "RHSA-2022:0056", "initial_release_date": "2022-03-10T16:00:00Z", "revision_history": [ { "date": "2022-12-21T16:23:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.10", "product": { "name": "Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.10::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "category": "product_version", "name": "openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream", "product": { "name": "openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream", "product_id": "openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream", "product": { "name": "openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream", "product_id": "openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream", "product": { "name": "openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream", "product_id": "openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream" } }, { "category": "product_version", "name": "openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream", "product": { "name": "openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream", "product_id": "openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream", "product": { "name": "openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream", "product_id": "openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream", "product": { "name": "openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream", "product_id": "openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream", "product": { "name": "openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream", "product_id": "openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream", "product": { "name": "openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream", "product_id": "openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream", "product": { "name": "openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream", "product_id": "openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream", "product": { "name": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream", "product_id": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream", "product": { "name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream", "product_id": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream", "product": { "name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream", "product_id": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream", "product": { "name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream", "product_id": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "product": { "name": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "product_id": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "product": { "name": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "product_id": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream", "product": { "name": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream", "product_id": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream", "product": { "name": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream", "product_id": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream", "product": { "name": "openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream", "product_id": "openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream", "product": { "name": "openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream", "product_id": "openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "product": { "name": "openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "product_id": "openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream", "product": { "name": "openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream", "product_id": "openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream", "product": { "name": "openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream", "product_id": "openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream", "product": { "name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream", "product_id": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream", "product": { "name": "openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream", "product_id": "openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "product": { "name": "openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "product_id": "openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "product": { "name": "openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "product_id": "openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "product": { "name": "openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "product_id": "openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream", "product": { "name": "openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream", "product_id": "openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream", "product": { "name": "openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream", "product_id": "openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream", "product": { "name": "openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream", "product_id": "openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream", "product": { "name": "openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream", "product_id": "openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream", "product": { "name": "openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream", "product_id": "openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream", "product": { "name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream", "product_id": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream", "product": { "name": "openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream", "product_id": "openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream", "product": { "name": "openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream", "product_id": "openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream", "product": { "name": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream", "product_id": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream", "product": { "name": "openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream", "product_id": "openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream", "product": { "name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream", "product_id": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream", "product": { "name": "openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream", "product_id": "openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream", "product": { "name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream", "product_id": "openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream", "product": { "name": "openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream", "product_id": "openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream", "product": { "name": "openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream", "product_id": "openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream", "product_id": "openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream", "product_id": "openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream", "product_id": "openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream", "product_id": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream", "product": { "name": "openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream", "product_id": "openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream", "product": { "name": "openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream", "product_id": "openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream", "product": { "name": "openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream", "product_id": "openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream", "product": { "name": "openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream", "product_id": "openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream", "product": { "name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream", "product_id": "openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream", "product": { "name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream", "product_id": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream", "product": { "name": "openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream", "product_id": "openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream", "product": { "name": "openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream", "product_id": "openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream", "product": { "name": "openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream", "product_id": "openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream", "product": { "name": "openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream", "product_id": "openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream", "product": { "name": "openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream", "product_id": "openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream", "product": { "name": "openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream", "product_id": "openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream", "product": { "name": "openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream", "product_id": "openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream", "product": { "name": "openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream", "product_id": "openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream", "product": { "name": "openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream", "product_id": "openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream", "product": { "name": "openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream", "product_id": "openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream", "product": { "name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream", "product_id": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "product": { "name": "openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "product_id": "openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream", "product": { "name": "openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream", "product_id": "openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream", "product": { "name": "openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream", "product_id": "openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream", "product": { "name": "openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream", "product_id": "openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "product": { "name": "openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "product_id": "openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "product": { "name": "openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "product_id": "openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream", "product": { "name": "openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream", "product_id": "openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream", "product": { "name": "openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream", "product_id": "openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "product": { "name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "product_id": "openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "product": { "name": "openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "product_id": "openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "product": { "name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "product_id": "openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "product": { "name": "openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "product_id": "openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "product": { "name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "product_id": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "product": { "name": "openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "product_id": "openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream", "product": { "name": "openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream", "product_id": "openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1", "product": { "name": "openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1", "product_id": "openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1" } }, { "category": "product_version", "name": "openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream", "product": { "name": "openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream", "product_id": "openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream", "product": { "name": "openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream", "product_id": "openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream", "product": { "name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream", "product_id": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream", "product": { "name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream", "product_id": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream", "product": { "name": "openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream", "product_id": "openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream", "product": { "name": "openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream", "product_id": "openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream", "product": { "name": "openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream", "product_id": "openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream", "product": { "name": "openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream", "product_id": "openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream", "product": { "name": "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream", "product_id": "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream", "product": { "name": "openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream", "product_id": "openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream", "product": { "name": "openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream", "product_id": "openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream", "product": { "name": "openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream", "product_id": "openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream", "product": { "name": "openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream", "product_id": "openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream", "product": { "name": "openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream", "product_id": "openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "product": { "name": "openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "product_id": "openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "product": { "name": "openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "product_id": "openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream", "product": { "name": "openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream", "product_id": "openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream", "product": { "name": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream", "product_id": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream", "product": { "name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream", "product_id": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream", "product": { "name": "openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream", "product_id": "openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream", "product": { "name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream", "product_id": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "product": { "name": "openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "product_id": "openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "product": { "name": "openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "product_id": "openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "product": { "name": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "product_id": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "product": { "name": "openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "product_id": "openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream", "product": { "name": "openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream", "product_id": "openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream", "product": { "name": "openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream", "product_id": "openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "product": { "name": "openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "product_id": "openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream", "product": { "name": "openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream", "product_id": "openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream", "product": { "name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream", "product_id": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream", "product": { "name": "openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream", "product_id": "openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream", "product": { "name": "openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream", "product_id": "openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream", "product": { "name": "openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream", "product_id": "openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream", "product": { "name": "openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream", "product_id": "openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream", "product": { "name": "openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream", "product_id": "openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream", "product": { "name": "openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream", "product_id": "openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream", "product": { "name": "openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream", "product_id": "openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream", "product": { "name": "openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream", "product_id": "openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream", "product": { "name": "openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream", "product_id": "openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream", "product": { "name": "openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream", "product_id": "openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream", "product": { "name": "openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream", "product_id": "openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream", "product": { "name": "openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream", "product_id": "openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream", "product": { "name": "openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream", "product_id": "openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream", "product": { "name": "openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream", "product_id": "openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream", "product": { "name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream", "product_id": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream", "product": { "name": "openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream", "product_id": "openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream", "product": { "name": "openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream", "product_id": "openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream", "product": { "name": "openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream", "product_id": "openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream", "product": { "name": "openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream", "product_id": "openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream", "product": { "name": "openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream", "product_id": "openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream", "product": { "name": "openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream", "product_id": "openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream", "product": { "name": "openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream", "product_id": "openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream", "product": { "name": "openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream", "product_id": "openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream", "product": { "name": "openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream", "product_id": "openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream", "product": { "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream", "product_id": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "product": { "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "product_id": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "product": { "name": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "product_id": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream", "product": { "name": "openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream", "product_id": "openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream", "product": { "name": "openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream", "product_id": "openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream", "product": { "name": "openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream", "product_id": "openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream", "product": { "name": "openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream", "product_id": "openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream", "product": { "name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream", "product_id": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream", "product": { "name": "openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream", "product_id": "openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream", "product": { "name": "openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream", "product_id": "openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream", "product": { "name": "openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream", "product_id": "openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream", "product": { "name": "openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream", "product_id": "openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream", "product": { "name": "openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream", "product_id": "openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "product": { "name": "openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "product_id": "openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream", "product": { "name": "openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream", "product_id": "openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "product": { "name": "openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "product_id": "openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream", "product": { "name": "openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream", "product_id": "openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "product": { "name": "openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "product_id": "openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream", "product": { "name": "openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream", "product_id": "openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream", "product": { "name": "openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream", "product_id": "openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream", "product": { "name": "openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream", "product_id": "openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream", "product": { "name": "openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream", "product_id": "openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "product": { "name": "openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "product_id": "openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "product": { "name": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "product_id": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "product": { "name": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "product_id": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream", "product": { "name": "openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream", "product_id": "openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "product": { "name": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "product_id": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "product": { "name": "openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "product_id": "openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "product": { "name": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "product_id": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream", "product": { "name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream", "product_id": "openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream", "product": { "name": "openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream", "product_id": "openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream", "product": { "name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream", "product_id": "openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream", "product": { "name": "openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream", "product_id": "openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream" } } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream" }, "product_reference": "openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream" }, "product_reference": "openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream" }, "product_reference": "openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream" }, "product_reference": "openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream" }, "product_reference": "openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream" }, "product_reference": "openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream" }, "product_reference": "openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream" }, "product_reference": "openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream" }, "product_reference": "openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream" }, "product_reference": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream" }, "product_reference": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream" }, "product_reference": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream" }, "product_reference": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream" }, "product_reference": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream" }, "product_reference": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream" }, "product_reference": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream" }, "product_reference": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream" }, "product_reference": "openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream" }, "product_reference": "openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream" }, "product_reference": "openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream" }, "product_reference": "openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream" }, "product_reference": "openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream" }, "product_reference": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream" }, "product_reference": "openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream" }, "product_reference": "openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream" }, "product_reference": "openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream" }, "product_reference": "openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream" }, "product_reference": "openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream" }, "product_reference": "openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream" }, "product_reference": "openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream" }, "product_reference": "openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream" }, "product_reference": "openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream" }, "product_reference": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream" }, "product_reference": "openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream" }, "product_reference": "openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream" }, "product_reference": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream" }, "product_reference": "openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream" }, "product_reference": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream" }, "product_reference": "openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream" }, "product_reference": "openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream" }, "product_reference": "openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream" }, "product_reference": "openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream" }, "product_reference": "openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream" }, "product_reference": "openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream" }, "product_reference": "openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream" }, "product_reference": "openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream" }, "product_reference": "openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream" }, "product_reference": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream" }, "product_reference": "openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream" }, "product_reference": "openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream" }, "product_reference": "openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream" }, "product_reference": "openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream" }, "product_reference": "openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream" }, "product_reference": "openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream" }, "product_reference": "openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream" }, "product_reference": "openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream" }, "product_reference": "openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream" }, "product_reference": "openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream" }, "product_reference": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream" }, "product_reference": "openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream" }, "product_reference": "openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream" }, "product_reference": "openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream" }, "product_reference": "openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream" }, "product_reference": "openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream" }, "product_reference": "openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream" }, "product_reference": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream" }, "product_reference": "openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream" }, "product_reference": "openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1" }, "product_reference": "openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream" }, "product_reference": "openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream" }, "product_reference": "openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream" }, "product_reference": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream" }, "product_reference": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream" }, "product_reference": "openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream" }, "product_reference": "openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream" }, "product_reference": "openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream" }, "product_reference": "openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream" }, "product_reference": "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream" }, "product_reference": "openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream" }, "product_reference": "openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream" }, "product_reference": "openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream" }, "product_reference": "openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream" }, "product_reference": "openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream" }, "product_reference": "openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream" }, "product_reference": "openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream" }, "product_reference": "openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream" }, "product_reference": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream" }, "product_reference": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream" }, "product_reference": "openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream" }, "product_reference": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream" }, "product_reference": "openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream" }, "product_reference": "openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream" }, "product_reference": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream" }, "product_reference": "openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream" }, "product_reference": "openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream" }, "product_reference": "openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream" }, "product_reference": "openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream" }, "product_reference": "openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream" }, "product_reference": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream" }, "product_reference": "openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream" }, "product_reference": "openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream" }, "product_reference": "openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream" }, "product_reference": "openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream" }, "product_reference": "openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream" }, "product_reference": "openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream" }, "product_reference": "openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream" }, "product_reference": "openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream" }, "product_reference": "openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream" }, "product_reference": "openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream" }, "product_reference": "openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream" }, "product_reference": "openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream" }, "product_reference": "openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream" }, "product_reference": "openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream" }, "product_reference": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream" }, "product_reference": "openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream" }, "product_reference": "openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream" }, "product_reference": "openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream" }, "product_reference": "openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream" }, "product_reference": "openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream" }, "product_reference": "openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream" }, "product_reference": "openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream" }, "product_reference": "openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream" }, "product_reference": "openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream" }, "product_reference": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream" }, "product_reference": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream" }, "product_reference": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream" }, "product_reference": "openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream" }, "product_reference": "openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream" }, "product_reference": "openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream" }, "product_reference": "openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream" }, "product_reference": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream" }, "product_reference": "openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream" }, "product_reference": "openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream" }, "product_reference": "openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream" }, "product_reference": "openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream" }, "product_reference": "openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream" }, "product_reference": "openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream" }, "product_reference": "openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream" }, "product_reference": "openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream" }, "product_reference": "openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream" }, "product_reference": "openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream" }, "product_reference": "openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream" }, "product_reference": "openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream" }, "product_reference": "openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream" }, "product_reference": "openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream" }, "product_reference": "openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream" }, "product_reference": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream" }, "product_reference": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream" }, "product_reference": "openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream" }, "product_reference": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream" }, "product_reference": "openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream" }, "product_reference": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream" }, "product_reference": "openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream" }, "product_reference": "openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream" }, "product_reference": "openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream" }, "product_reference": "openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.10" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-3121", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "discovery_date": "2021-01-28T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream", "8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream", "8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream", "8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream", "8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1", "8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream", "8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream", "8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream", "8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream", "8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1", "8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3121", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3121" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121" }, { "category": "external", "summary": "CVE-2021-3121", "url": "https://access.redhat.com/security/cve/CVE-2021-3121" }, { "category": "external", "summary": "bz#1921650: CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650" } ], "release_date": "2021-01-11T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for moderate instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2022:0056" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-01-28T00:00:00Z", "details": "Important" } ], "title": "CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation" }, { "cve": "CVE-2021-3749", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-08-31T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream", "8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream", "8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream", "8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream", "8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1", "8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1999784" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the nodejs axios. This flaw allows an attacker to provide crafted input to the trim function, which might cause high resources consumption and as a consequence lead to denial of service. The highest threat from this vulnerability is system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "Regular expression denial of service in trim function", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream", "8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream", "8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream", "8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream", "8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1", "8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3749", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3749" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3749", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3749" }, { "category": "external", "summary": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929", "url": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929" }, { "category": "external", "summary": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31", "url": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31" }, { "category": "external", "summary": "CVE-2021-3749", "url": "https://access.redhat.com/security/cve/CVE-2021-3749" }, { "category": "external", "summary": "bz#1999784: Regular expression denial of service in trim function", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999784" } ], "release_date": "2021-08-31T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for moderate instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2022:0056" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-08-31T00:00:00Z", "details": "Moderate" } ], "title": "Regular expression denial of service in trim function" }, { "cve": "CVE-2021-39226", "cwe": { "id": "CWE-639", "name": "Authorization Bypass Through User-Controlled Key" }, "discovery_date": "2021-10-05T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream", "8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream", "8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream", "8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream", "8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1", "8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=2011063" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "An authentication bypass was found in grafana. An attacker on the network is able to view and delete snapshots by accessing a literal path.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: Snapshot authentication bypass", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream", "8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream", "8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream", "8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream", "8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1", "8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-39226", "url": "https://www.cve.org/CVERecord?id=CVE-2021-39226" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39226", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39226" }, { "category": "external", "summary": "https://github.com/grafana/grafana/security/advisories/GHSA-69j6-29vr-p3j9", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-69j6-29vr-p3j9" }, { "category": "external", "summary": "https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/", "url": "https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/" }, { "category": "external", "summary": "CVE-2021-39226", "url": "https://access.redhat.com/security/cve/CVE-2021-39226" }, { "category": "external", "summary": "bz#2011063: CVE-2021-39226 grafana: Snapshot authentication bypass", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011063" } ], "release_date": "2021-10-05T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for moderate instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2022:0056" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-10-05T00:00:00Z", "details": "Important" } ], "title": "CVE-2021-39226 grafana: Snapshot authentication bypass" }, { "cve": "CVE-2021-41772", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2021-11-04T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream", "8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream", "8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream", "8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream", "8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1", "8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=2020736" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A vulnerability was found in archive/zip of the Go standard library. Applications written in Go where Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can panic when parsing a crafted ZIP archive containing completely invalid names or an empty filename argument.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: archive/zip: Reader.Open panics on empty string", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream", "8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream", "8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream", "8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream", "8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1", "8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-41772", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41772" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41772", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41772" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/0fM21h43arc", "url": "https://groups.google.com/g/golang-announce/c/0fM21h43arc" }, { "category": "external", "summary": "CVE-2021-41772", "url": "https://access.redhat.com/security/cve/CVE-2021-41772" }, { "category": "external", "summary": "bz#2020736: CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020736" } ], "release_date": "2021-08-30T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for moderate instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2022:0056" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-11-04T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string" }, { "cve": "CVE-2021-43813", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-12-09T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream", "8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream", "8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream", "8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream", "8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1", "8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=2031228" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: directory traversal vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream", "8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream", "8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream", "8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream", "8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1", "8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43813", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43813" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43813", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43813" }, { "category": "external", "summary": "https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/", "url": "https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/" }, { "category": "external", "summary": "CVE-2021-43813", "url": "https://access.redhat.com/security/cve/CVE-2021-43813" }, { "category": "external", "summary": "bz#2031228: CVE-2021-43813 grafana: directory traversal vulnerability", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031228" } ], "release_date": "2021-12-10T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for moderate instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2022:0056" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-12-09T00:00:00Z", "details": "Low" } ], "title": "CVE-2021-43813 grafana: directory traversal vulnerability" }, { "cve": "CVE-2021-44716", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-12-09T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: limit growth of header canonicalization cache", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream", "8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream", "8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream", "8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1", "8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44716" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", "url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k" }, { "category": "external", "summary": "CVE-2021-44716", "url": "https://access.redhat.com/security/cve/CVE-2021-44716" }, { "category": "external", "summary": "bz#2030801: CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801" } ], "release_date": "2021-12-09T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for moderate instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream", "8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream", "8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream", "8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1", "8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2022:0056" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream", "8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream", "8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream", "8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1", "8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-12-09T00:00:00Z", "details": "Important" } ], "title": "CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache" }, { "cve": "CVE-2021-44717", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-12-09T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "There\u0027s a flaw in golang\u0027s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: syscall: don\u0027t close fd 0 on ForkExec error", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream", "8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream", "8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream", "8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1", "8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44717", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44717" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", "url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k" }, { "category": "external", "summary": "CVE-2021-44717", "url": "https://access.redhat.com/security/cve/CVE-2021-44717" }, { "category": "external", "summary": "bz#2030806: CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806" } ], "release_date": "2021-12-09T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for moderate instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream", "8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream", "8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream", "8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1", "8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2022:0056" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream", "8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream", "8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream", "8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1", "8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-12-09T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error" }, { "cve": "CVE-2022-21673", "cwe": { "id": "CWE-201", "name": "Insertion of Sensitive Information Into Sent Data" }, "discovery_date": "2022-01-24T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream", "8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream", "8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream", "8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream", "8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1", "8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=2044628" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "An information-disclosure flaw was found in grafana. When a data source has the Forward OAuth Identity feature enabled, sending a query to that data source with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This flaw allows API token holders to retrieve data to which they may not be authorized.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: Forward OAuth Identity Token can allow users to access some data sources", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.10:openshift4/cloud-network-config-controller-rhel8:v4.10.0-202202160023.p0.g224020c.assembly.stream", "8Base-RHOSE-4.10:openshift4/driver-toolkit-rhel8:v4.10.0-202202160023.p0.g0c77c8d.assembly.stream", "8Base-RHOSE-4.10:openshift4/egress-router-cni-rhel8:v4.10.0-202202160023.p0.g5c56bc8.assembly.stream", "8Base-RHOSE-4.10:openshift4/network-tools-rhel8:v4.10.0-202202262156.p0.gbcfec9c.assembly.stream", "8Base-RHOSE-4.10:openshift4/oc-mirror-plugin-rhel8:v4.10.0-202202160023.p0.g0a2b069.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdb2d118.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.10.0-202202160023.p0.gb9dd1ad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.10.0-202202160023.p0.g9c102a7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-alibaba-machine-controllers-rhel8:v4.10.0-202202160023.p0.g0206121.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gd85867f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.gb974039.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.10.0-202202160023.p0.g8ba0c7a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.10.0-202202160023.p0.g7f9eb87.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-cloud-node-manager-rhel8:v4.10.0-202202160023.p0.g07f1335.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.g3b25a5d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-disk-csi-driver-rhel8:v4.10.0-202202160023.p0.g3d79d39.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g3807eb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-azure-file-csi-driver-rhel8:v4.10.0-202202160023.p0.gf88155b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-installer-rhel8:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-machine-controllers:v4.10.0-202202160023.p0.g0716ee4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-rhel8-operator:v4.10.0-202202160023.p0.g28771f4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-baremetal-runtimecfg-rhel8:v4.10.0-202202160023.p0.gedc9617.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-alt-rhel8:v4.10.0-202202160023.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts-alt-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli-artifacts:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cli:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cloud-credential-operator:v4.10.0-202202160023.p0.gaa55102.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-api-rhel8:v4.10.0-202202160023.p0.g78fff55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-authentication-operator:v4.10.0-202202160023.p0.g4770445.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler-operator:v4.10.0-202202160023.p0.ga09e626.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-autoscaler:v4.10.0-202202160023.p0.g25d3ad5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202202160023.p0.g76fd38b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-bootstrap:v4.10.0-202202160023.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-capi-operator-container-rhel8:v4.10.0-202202160023.p0.g79c0ce3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.10.0-202202160023.p0.gd9bab3c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-config-operator:v4.10.0-202202160023.p0.ga726e3e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.10.0-202202160023.p0.gfbc3e63.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-dns-operator:v4.10.0-202202160023.p0.gbc48e0a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-etcd-rhel8-operator:v4.10.0-202202241648.p0.g9619a07.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-image-registry-operator:v4.10.0-202202160023.p0.g0924977.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-ingress-operator:v4.10.0-202202231533.p0.g377604b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-apiserver-operator:v4.10.0-202202160023.p0.g913f3f3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-controller-manager-operator:v4.10.0-202202160023.p0.gca3ff53.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-scheduler-operator:v4.10.0-202202160843.p0.g0c57d73.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.10.0-202202160023.p0.g9030c0d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-machine-approver:v4.10.0-202202160023.p0.g49dd2dc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-monitoring-operator:v4.10.0-202202160023.p0.g1727e2b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-network-operator:v4.10.0-202202160023.p0.ga0e506c.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-node-tuning-operator:v4.10.0-202202241816.p0.g3c5760e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-apiserver-operator:v4.10.0-202202160023.p0.g224b294.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-openshift-controller-manager-operator:v4.10.0-202202160023.p0.gb8b65d1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-policy-controller-rhel8:v4.10.0-202202160023.p0.g8e5b365.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-samples-operator:v4.10.0-202202160023.p0.gd41950d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-storage-operator:v4.10.0-202202160023.p0.g2eb1fd8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-update-keys:v4.10.0-202202160023.p0.g342eb8e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-cluster-version-operator:v4.10.0-202202160023.p0.g0729556.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-configmap-reloader:v4.10.0-202202160023.p0.g22a40ce.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console-operator:v4.10.0-202202160023.p0.g17a5554.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-console:v4.10.0-202202240423.p0.gb6503ff.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-container-networking-plugins-rhel8:v4.10.0-202202160023.p0.g55e1cf1.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-coredns:v4.10.0-202202160023.p0.g3ec1ee7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202202160023.p0.g16f67d6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-manila-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202202160023.p0.g3448830.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.10.0-202202160023.p0.g662615b.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-driver-shared-resource-rhel8:v4.10.0-202202160023.p0.gd06ff18.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher-rhel8:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-attacher:v4.10.0-202202160023.p0.g27e71f2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer-rhel8:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-resizer:v4.10.0-202202160023.p0.ge593409.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-external-snapshotter:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-controller:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.10.0-202202160023.p0.gfe4a0a2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-deployer:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-builder:v4.10.0-202202160023.p0.g24d8db4.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-docker-registry:v4.10.0-202203032259.p0.g9fb7451.assembly.4.10.1", "8Base-RHOSE-4.10:openshift4/ose-etcd:v4.10.0-202202160023.p0.g7bbf25a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g4dc728d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.g223a251.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.10.0-202202160023.p0.g19e9a57.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-haproxy-router:v4.10.0-202202160023.p0.g820e08a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-hyperkube:v4.10.0-202202250816.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.ge303912.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.10.0-202202172102.p0.g45f1fad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.10.0-202202160023.p0.gd54e370.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.10.0-202202160023.p0.g7074dfc.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.10.0-202202160023.p0.g7449a94.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-image-customization-controller-rhel8:v4.10.0-202202160023.p0.g04a5cb3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-insights-rhel8-operator:v4.10.0-202202160023.p0.g007dfad.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer-artifacts:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-installer:v4.10.0-202202240423.p0.g3b70190.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-agent-rhel8:v4.10.0-202202241648.p0.g2004c66.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.10.0-202202241648.p0.g6246922.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.10.0-202202160023.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-rhel8:v4.10.0-202202241648.p0.gdb4f6aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ironic-static-ip-manager-rhel8:v4.10.0-202202160023.p0.g45a1c54.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-base:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-maven:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-jenkins:v4.10.0-202202160843.p0.g10e9ee3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-k8s-prometheus-adapter:v4.10.0-202202160023.p0.g4052b31.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-keepalived-ipfailover:v4.10.0-202202160023.p0.g544601e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-proxy:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-state-metrics:v4.10.0-202202160023.p0.g6530ff5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kube-storage-version-migrator-rhel8:v4.10.0-202202160023.p0.g901a6d2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-cni-rhel8:v4.10.0-202202241648.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-kuryr-controller-rhel8:v4.10.0-202202241816.p0.ge77f917.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-libvirt-machine-controllers:v4.10.0-202202160023.p0.g3b330b7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-operator:v4.10.0-202202160023.p0.g668c5b5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-aws-rhel8:v4.10.0-202202160023.p0.g192e5f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-azure-rhel8:v4.10.0-202202160023.p0.g177035a.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-gcp-rhel8:v4.10.0-202202160023.p0.g3fe46c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-api-provider-openstack-rhel8:v4.10.0-202202160023.p0.g2401f74.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-config-operator:v4.10.0-202202160023.p0.g14a1ca2.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-machine-os-images-rhel8:v4.10.0-202202240423.p0.g4d1e087.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-admission-controller:v4.10.0-202202211128.p0.gd7a7fe5.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-cni:v4.10.0-202202160023.p0.gd27ed81.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-networkpolicy-rhel8:v4.10.0-202202160023.p0.gbfcc6c8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-route-override-cni-rhel8:v4.10.0-202202160023.p0.g707dd38.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.10.0-202202160023.p0.g47aa938.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-must-gather:v4.10.0-202202160843.p0.ga42fad8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-interface-bond-cni-rhel8:v4.10.0-202202160023.p0.g8492260.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-network-metrics-daemon-rhel8:v4.10.0-202202160023.p0.gab62184.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-apiserver-rhel8:v4.10.0-202202160023.p0.ge854413.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-proxy:v4.10.0-202202160023.p0.g799d414.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-oauth-server-rhel8:v4.10.0-202202160023.p0.g245b95f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-apiserver-rhel8:v4.10.0-202202160023.p0.g6b16f7f.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-controller-manager-rhel8:v4.10.0-202202160023.p0.g2c2d50d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openshift-state-metrics-rhel8:v4.10.0-202202160023.p0.g2dcf523.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.10.0-202202160023.p0.ge0b5715.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.gdf0b27d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-openstack-machine-controllers:v4.10.0-202202160023.p0.ge6b35eb.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-lifecycle-manager:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-marketplace:v4.10.0-202202160023.p0.g80b92ec.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-operator-registry:v4.10.0-202202160023.p0.g5863540.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovirt-machine-controllers-rhel8:v4.10.0-202202160023.p0.g35ce9aa.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-ovn-kubernetes:v4.10.0-202202262156.p0.gbb5b9db.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-pod:v4.10.0-202202251728.p0.ge419edf.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-powervs-machine-controllers-rhel8:v4.10.0-202202160023.p0.gc1d68e7.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prom-label-proxy:v4.10.0-202202160023.p0.g5f4c899.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-alertmanager:v4.10.0-202202160023.p0.g0133959.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-config-reloader:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-node-exporter:v4.10.0-202202160023.p0.g0eed310.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus-operator:v4.10.0-202202160023.p0.g53d6d76.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-prometheus:v4.10.0-202202160023.p0.g3c6cd55.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-sdn-rhel8:v4.10.0-202203080140.p0.g62d09f9.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-service-ca-operator:v4.10.0-202202160023.p0.g1611373.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-telemeter:v4.10.0-202202160023.p0.g2c9c76e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tests:v4.10.0-202202221318.p0.gc1d9068.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-thanos-rhel8:v4.10.0-202202160023.p0.g10ca1d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-tools-rhel8:v4.10.0-202202160843.p0.gf93da17.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.10.0-202202160023.p0.g25b98d3.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.10.0-202202160023.p0.gedf114e.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.10.0-202202160023.p0.ge310f4d.assembly.stream", "8Base-RHOSE-4.10:openshift4/ose-vsphere-problem-detector-rhel8:v4.10.0-202202160023.p0.gf756bf8.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel7:v4.10.0-202202160023.p0.g633cbb6.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8-operator:v4.10.0-202202221429.p0.gd329b02.assembly.stream", "8Base-RHOSE-4.10:openshift4/ovirt-csi-driver-rhel8:v4.10.0-202202160023.p0.g633cbb6.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21673", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21673" }, { "category": "external", "summary": "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/", "url": "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/" }, { "category": "external", "summary": "CVE-2022-21673", "url": "https://access.redhat.com/security/cve/CVE-2022-21673" }, { "category": "external", "summary": "bz#2044628: CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044628" } ], "release_date": "2022-01-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for moderate instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2022:0056" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:openshift4/ose-grafana:v4.10.0-202202160023.p0.g48aec35.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2022-01-24T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources" } ] }
rhsa-2022_6024
Vulnerability from csaf_redhat
Published
2022-08-09 20:31
Modified
2024-09-18 05:56
Summary
Red Hat Security Advisory: New container image for Red Hat Ceph Storage 5.2 Security update
Notes
Topic
A new container image for Red Hat Ceph Storage 5.2 is now available in the Red Hat Ecosystem Catalog.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Ceph Storage is a scalable, open, software-defined storage platform
that combines the most stable version of the Ceph storage system with a
Ceph management platform, deployment utilities, and support services.
This new container image is based on Red Hat Ceph Storage 5.2 and Red Hat
Enterprise Linux 8.6 and Red Hat Enterprise Linux 9.
Space precludes documenting all of these changes in this advisory. Users
are directed to the Red Hat Ceph Storage Release Notes for information on
the most significant of these changes:
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.2/html-single/release_notes/index
All users of Red Hat Ceph Storage are advised to pull these new images from
the Red Hat Ecosystem catalog, which provides numerous enhancements and bug
fixes.
Security Fix(es):
* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)
* grafana: directory traversal vulnerability (CVE-2021-43813)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A new container image for Red Hat Ceph Storage 5.2 is now available in the Red Hat Ecosystem Catalog.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Ceph Storage is a scalable, open, software-defined storage platform\nthat combines the most stable version of the Ceph storage system with a\nCeph management platform, deployment utilities, and support services.\n\nThis new container image is based on Red Hat Ceph Storage 5.2 and Red Hat\nEnterprise Linux 8.6 and Red Hat Enterprise Linux 9.\n\nSpace precludes documenting all of these changes in this advisory. Users\nare directed to the Red Hat Ceph Storage Release Notes for information on\nthe most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.2/html-single/release_notes/index\n\nAll users of Red Hat Ceph Storage are advised to pull these new images from\nthe Red Hat Ecosystem catalog, which provides numerous enhancements and bug\nfixes.\n\nSecurity Fix(es):\n\n* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)\n\n* grafana: directory traversal vulnerability (CVE-2021-43813)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6024", "url": "https://access.redhat.com/errata/RHSA-2022:6024" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2031228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031228" }, { "category": "external", "summary": "2044628", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044628" }, { "category": "external", "summary": "2115198", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115198" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_6024.json" } ], "title": "Red Hat Security Advisory: New container image for Red Hat Ceph Storage 5.2 Security update", "tracking": { "current_release_date": "2024-09-18T05:56:00+00:00", "generator": { "date": "2024-09-18T05:56:00+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2022:6024", "initial_release_date": "2022-08-09T20:31:48+00:00", "revision_history": [ { "date": "2022-08-09T20:31:48+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-08-09T20:31:48+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T05:56:00+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Ceph Storage 5.2 Tools", "product": { "name": "Red Hat Ceph Storage 5.2 Tools", "product_id": "8Base-RHCEPH-5.2-Tools", "product_identification_helper": { "cpe": "cpe:/a:redhat:ceph_storage:5.2::el8" } } } ], "category": "product_family", "name": "Red Hat Ceph Storage" }, { "branches": [ { "category": "product_version", "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x", "product": { "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x", "product_id": "rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x", "product_identification_helper": { "purl": "pkg:oci/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-5-dashboard-rhel8\u0026tag=5-56" } } }, { "category": "product_version", "name": "rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x", "product": { "name": "rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x", "product_id": "rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x", "product_identification_helper": { "purl": "pkg:oci/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel8\u0026tag=2.1.5-16" } } }, { "category": "product_version", "name": "rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x", "product": { "name": "rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x", "product_id": "rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x", "product_identification_helper": { "purl": "pkg:oci/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-5-rhel8\u0026tag=5-268" } } }, { "category": "product_version", "name": "rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x", "product": { "name": "rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x", "product_id": "rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x", "product_identification_helper": { "purl": "pkg:oci/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel8\u0026tag=2.2.19-9" } } }, { "category": "product_version", "name": "rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x", "product": { "name": "rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x", "product_id": "rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x", "product_identification_helper": { "purl": "pkg:oci/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel8\u0026tag=1.2.1-16" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le", "product": { "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le", "product_id": "rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-5-dashboard-rhel8\u0026tag=5-56" } } }, { "category": "product_version", "name": "rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le", "product": { "name": "rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le", "product_id": "rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le", "product_identification_helper": { "purl": "pkg:oci/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel8\u0026tag=2.1.5-16" } } }, { "category": "product_version", "name": "rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le", "product": { "name": "rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le", "product_id": "rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-5-rhel8\u0026tag=5-268" } } }, { "category": "product_version", "name": "rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le", "product": { "name": "rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le", "product_id": "rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel8\u0026tag=2.2.19-9" } } }, { "category": "product_version", "name": "rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le", "product": { "name": "rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le", "product_id": "rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le", "product_identification_helper": { "purl": "pkg:oci/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel8\u0026tag=1.2.1-16" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64", "product": { "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64", "product_id": "rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64", "product_identification_helper": { "purl": "pkg:oci/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-5-dashboard-rhel8\u0026tag=5-56" } } }, { "category": "product_version", "name": "rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64", "product": { "name": "rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64", "product_id": "rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64", "product_identification_helper": { "purl": "pkg:oci/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel8\u0026tag=2.1.5-16" } } }, { "category": "product_version", "name": "rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64", "product": { "name": "rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64", "product_id": "rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64", "product_identification_helper": { "purl": "pkg:oci/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-5-rhel8\u0026tag=5-268" } } }, { "category": "product_version", "name": "rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64", "product": { "name": "rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64", "product_id": "rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64", "product_identification_helper": { "purl": "pkg:oci/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel8\u0026tag=2.2.19-9" } } }, { "category": "product_version", "name": "rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64", "product": { "name": "rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64", "product_id": "rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64", "product_identification_helper": { "purl": "pkg:oci/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel8\u0026tag=1.2.1-16" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x as a component of Red Hat Ceph Storage 5.2 Tools", "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x" }, "product_reference": "rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x", "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le as a component of Red Hat Ceph Storage 5.2 Tools", "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le" }, "product_reference": "rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le", "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64 as a component of Red Hat Ceph Storage 5.2 Tools", "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64" }, "product_reference": "rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64", "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64 as a component of Red Hat Ceph Storage 5.2 Tools", "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64" }, "product_reference": "rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64", "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le as a component of Red Hat Ceph Storage 5.2 Tools", "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le" }, "product_reference": "rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le", "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x as a component of Red Hat Ceph Storage 5.2 Tools", "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x" }, "product_reference": "rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x", "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64 as a component of Red Hat Ceph Storage 5.2 Tools", "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64" }, "product_reference": "rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64", "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x as a component of Red Hat Ceph Storage 5.2 Tools", "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x" }, "product_reference": "rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x", "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le as a component of Red Hat Ceph Storage 5.2 Tools", "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le" }, "product_reference": "rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le", "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x as a component of Red Hat Ceph Storage 5.2 Tools", "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x" }, "product_reference": "rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x", "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le as a component of Red Hat Ceph Storage 5.2 Tools", "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le" }, "product_reference": "rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le", "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64 as a component of Red Hat Ceph Storage 5.2 Tools", "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64" }, "product_reference": "rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64", "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x as a component of Red Hat Ceph Storage 5.2 Tools", "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x" }, "product_reference": "rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x", "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64 as a component of Red Hat Ceph Storage 5.2 Tools", "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64" }, "product_reference": "rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64", "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools" }, { "category": "default_component_of", "full_product_name": { "name": "rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le as a component of Red Hat Ceph Storage 5.2 Tools", "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le" }, "product_reference": "rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le", "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-43813", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x", "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le", "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64", "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x", "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64", "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031228" } ], "notes": [ { "category": "description", "text": "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: directory traversal vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x" ], "known_not_affected": [ "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x", "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le", "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64", "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x", "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64", "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43813" }, { "category": "external", "summary": "RHBZ#2031228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031228" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43813", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43813" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43813", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43813" }, { "category": "external", "summary": "https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/", "url": "https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/" } ], "release_date": "2021-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993", "product_ids": [ "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6024" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "grafana: directory traversal vulnerability" }, { "cve": "CVE-2022-21673", "cwe": { "id": "CWE-201", "name": "Insertion of Sensitive Information Into Sent Data" }, "discovery_date": "2022-01-24T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x", "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le", "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64", "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x", "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64", "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044628" } ], "notes": [ { "category": "description", "text": "An information-disclosure flaw was found in grafana. When a data source has the Forward OAuth Identity feature enabled, sending a query to that data source with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This flaw allows API token holders to retrieve data to which they may not be authorized.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: Forward OAuth Identity Token can allow users to access some data sources", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x" ], "known_not_affected": [ "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x", "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le", "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64", "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x", "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64", "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21673" }, { "category": "external", "summary": "RHBZ#2044628", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044628" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21673", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21673" }, { "category": "external", "summary": "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/", "url": "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993", "product_ids": [ "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6024" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le", "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grafana: Forward OAuth Identity Token can allow users to access some data sources" } ] }
rhsa-2022_8057
Vulnerability from csaf_redhat
Published
2022-11-15 10:31
Modified
2024-09-18 05:55
Summary
Red Hat Security Advisory: grafana security, bug fix, and enhancement update
Notes
Topic
An update for grafana is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
The following packages have been upgraded to a later upstream version: grafana (7.5.15). (BZ#2055349)
Security Fix(es):
* sanitize-url: XSS due to improper sanitization in sanitizeUrl function (CVE-2021-23648)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
* grafana: XSS vulnerability in data source handling (CVE-2022-21702)
* grafana: CSRF vulnerability can lead to privilege escalation (CVE-2022-21703)
* grafana: IDOR vulnerability can lead to information disclosure (CVE-2022-21713)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for grafana is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB. \n\nThe following packages have been upgraded to a later upstream version: grafana (7.5.15). (BZ#2055349)\n\nSecurity Fix(es):\n\n* sanitize-url: XSS due to improper sanitization in sanitizeUrl function (CVE-2021-23648)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* grafana: XSS vulnerability in data source handling (CVE-2022-21702)\n\n* grafana: CSRF vulnerability can lead to privilege escalation (CVE-2022-21703)\n\n* grafana: IDOR vulnerability can lead to information disclosure (CVE-2022-21713)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:8057", "url": "https://access.redhat.com/errata/RHSA-2022:8057" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index" }, { "category": "external", "summary": "2044628", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044628" }, { "category": "external", "summary": "2045880", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880" }, { "category": "external", "summary": "2050648", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050648" }, { "category": "external", "summary": "2050742", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050742" }, { "category": "external", "summary": "2050743", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050743" }, { "category": "external", "summary": "2055349", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055349" }, { "category": "external", "summary": "2065290", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065290" }, { "category": "external", "summary": "2104367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104367" }, { "category": "external", "summary": "2107342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342" }, { "category": "external", "summary": "2107371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371" }, { "category": "external", "summary": "2107374", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374" }, { "category": "external", "summary": "2107376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376" }, { "category": "external", "summary": "2107383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383" }, { "category": "external", "summary": "2107386", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386" }, { "category": "external", "summary": "2107388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388" }, { "category": "external", "summary": "2107390", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390" }, { "category": "external", "summary": "2107392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_8057.json" } ], "title": "Red Hat Security Advisory: grafana security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-09-18T05:55:24+00:00", "generator": { "date": "2024-09-18T05:55:24+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2022:8057", "initial_release_date": "2022-11-15T10:31:43+00:00", "revision_history": [ { "date": "2022-11-15T10:31:43+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-15T10:31:43+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T05:55:24+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "grafana-0:7.5.15-3.el9.src", "product": { "name": "grafana-0:7.5.15-3.el9.src", "product_id": "grafana-0:7.5.15-3.el9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "grafana-0:7.5.15-3.el9.aarch64", "product": { "name": "grafana-0:7.5.15-3.el9.aarch64", "product_id": "grafana-0:7.5.15-3.el9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=aarch64" } } }, { "category": "product_version", "name": "grafana-debuginfo-0:7.5.15-3.el9.aarch64", "product": { "name": "grafana-debuginfo-0:7.5.15-3.el9.aarch64", "product_id": "grafana-debuginfo-0:7.5.15-3.el9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el9?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "grafana-0:7.5.15-3.el9.ppc64le", "product": { "name": "grafana-0:7.5.15-3.el9.ppc64le", "product_id": "grafana-0:7.5.15-3.el9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=ppc64le" } } }, { "category": "product_version", "name": "grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "product": { "name": "grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "product_id": "grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el9?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "grafana-0:7.5.15-3.el9.x86_64", "product": { "name": "grafana-0:7.5.15-3.el9.x86_64", "product_id": "grafana-0:7.5.15-3.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=x86_64" } } }, { "category": "product_version", "name": "grafana-debuginfo-0:7.5.15-3.el9.x86_64", "product": { "name": "grafana-debuginfo-0:7.5.15-3.el9.x86_64", "product_id": "grafana-debuginfo-0:7.5.15-3.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el9?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "grafana-0:7.5.15-3.el9.s390x", "product": { "name": "grafana-0:7.5.15-3.el9.s390x", "product_id": "grafana-0:7.5.15-3.el9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=s390x" } } }, { "category": "product_version", "name": "grafana-debuginfo-0:7.5.15-3.el9.s390x", "product": { "name": "grafana-debuginfo-0:7.5.15-3.el9.s390x", "product_id": "grafana-debuginfo-0:7.5.15-3.el9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el9?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "grafana-0:7.5.15-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64" }, "product_reference": "grafana-0:7.5.15-3.el9.aarch64", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "grafana-0:7.5.15-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le" }, "product_reference": "grafana-0:7.5.15-3.el9.ppc64le", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "grafana-0:7.5.15-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x" }, "product_reference": "grafana-0:7.5.15-3.el9.s390x", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "grafana-0:7.5.15-3.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src" }, "product_reference": "grafana-0:7.5.15-3.el9.src", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "grafana-0:7.5.15-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64" }, "product_reference": "grafana-0:7.5.15-3.el9.x86_64", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "grafana-debuginfo-0:7.5.15-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64" }, "product_reference": "grafana-debuginfo-0:7.5.15-3.el9.aarch64", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "grafana-debuginfo-0:7.5.15-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le" }, "product_reference": "grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "grafana-debuginfo-0:7.5.15-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x" }, "product_reference": "grafana-debuginfo-0:7.5.15-3.el9.s390x", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "grafana-debuginfo-0:7.5.15-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" }, "product_reference": "grafana-debuginfo-0:7.5.15-3.el9.x86_64", "relates_to_product_reference": "AppStream-9.1.0.GA" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-23648", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-03-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2065290" } ], "notes": [ { "category": "description", "text": "A flaw was found in sanitize-url due to improper sanitization in the sanitizeUrl function. This issue causes vulnerability to Cross-site Scripting in sanitize-url.", "title": "Vulnerability description" }, { "category": "summary", "text": "sanitize-url: XSS due to improper sanitization in sanitizeUrl function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-23648" }, { "category": "external", "summary": "RHBZ#2065290", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065290" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23648", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23648" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23648", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23648" }, { "category": "external", "summary": "https://github.com/braintree/sanitize-url/pull/40", "url": "https://github.com/braintree/sanitize-url/pull/40" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882", "url": "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882" } ], "release_date": "2022-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8057" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "sanitize-url: XSS due to improper sanitization in sanitizeUrl function" }, { "cve": "CVE-2022-1705", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107374" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: improper sanitization of Transfer-Encoding header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1705" }, { "category": "external", "summary": "RHBZ#2107374", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1705" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705" }, { "category": "external", "summary": "https://go.dev/issue/53188", "url": "https://go.dev/issue/53188" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8057" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: improper sanitization of Transfer-Encoding header" }, { "cve": "CVE-2022-1962", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107376" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: go/parser: stack exhaustion in all Parse* functions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1962" }, { "category": "external", "summary": "RHBZ#2107376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1962", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1962" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962" }, { "category": "external", "summary": "https://go.dev/issue/53616", "url": "https://go.dev/issue/53616" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8057" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: go/parser: stack exhaustion in all Parse* functions" }, { "cve": "CVE-2022-21673", "cwe": { "id": "CWE-201", "name": "Insertion of Sensitive Information Into Sent Data" }, "discovery_date": "2022-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044628" } ], "notes": [ { "category": "description", "text": "An information-disclosure flaw was found in grafana. When a data source has the Forward OAuth Identity feature enabled, sending a query to that data source with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This flaw allows API token holders to retrieve data to which they may not be authorized.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: Forward OAuth Identity Token can allow users to access some data sources", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21673" }, { "category": "external", "summary": "RHBZ#2044628", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044628" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21673", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21673" }, { "category": "external", "summary": "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/", "url": "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8057" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grafana: Forward OAuth Identity Token can allow users to access some data sources" }, { "cve": "CVE-2022-21698", "cwe": { "id": "CWE-772", "name": "Missing Release of Resource after Effective Lifetime" }, "discovery_date": "2022-01-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2045880" } ], "notes": [ { "category": "description", "text": "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream\u0027s (the Prometheus project) impact rating.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21698" }, { "category": "external", "summary": "RHBZ#2045880", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21698", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21698" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698" }, { "category": "external", "summary": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", "url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p" } ], "release_date": "2022-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8057" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter" }, { "cve": "CVE-2022-21702", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050648" } ], "notes": [ { "category": "description", "text": "A Cross-site scripting (XSS) vulnerability was found in the way Grafana handles data sources. This flaw allows an attacker to serve HTML content through the Grafana data source or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site scripting (XSS) attack. Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to other data sources connected to the same Grafana org.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: XSS vulnerability in data source handling", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21702" }, { "category": "external", "summary": "RHBZ#2050648", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050648" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21702", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21702" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21702", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21702" }, { "category": "external", "summary": "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g" }, { "category": "external", "summary": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", "url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/" } ], "release_date": "2022-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8057" }, { "category": "workaround", "details": "Please refer to the Grafana upstream advisory for possible workarounds for this issue.", "product_ids": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grafana: XSS vulnerability in data source handling" }, { "cve": "CVE-2022-21703", "cwe": { "id": "CWE-352", "name": "Cross-Site Request Forgery (CSRF)" }, "discovery_date": "2022-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050742" } ], "notes": [ { "category": "description", "text": "A Cross-site request forgery (CSRF) vulnerability was found in Grafana. This flaw allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, editors or admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: CSRF vulnerability can lead to privilege escalation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21703" }, { "category": "external", "summary": "RHBZ#2050742", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050742" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21703", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21703" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21703", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21703" }, { "category": "external", "summary": "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w" }, { "category": "external", "summary": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", "url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/" } ], "release_date": "2022-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8057" }, { "category": "workaround", "details": "Please refer to the Grafana upstream advisory for possible workarounds for this issue.", "product_ids": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grafana: CSRF vulnerability can lead to privilege escalation" }, { "cve": "CVE-2022-21713", "cwe": { "id": "CWE-425", "name": "Direct Request (\u0027Forced Browsing\u0027)" }, "discovery_date": "2022-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050743" } ], "notes": [ { "category": "description", "text": "An Insecure Direct Object Reference (IDOR) vulnerability was found on Grafana Teams APIs. This flaw impacts the `/teams/:teamId`, `/teams/:search`, `/teams/:teamId/members` API endpoints and may allow an authenticated attacker to view unintended data by querying for the specific team ID or search for teams and see the total number of available teams (including teams that the user does not have access to).", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: IDOR vulnerability can lead to information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21713" }, { "category": "external", "summary": "RHBZ#2050743", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050743" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21713", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21713" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21713", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21713" }, { "category": "external", "summary": "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv" }, { "category": "external", "summary": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", "url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/" } ], "release_date": "2022-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8057" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grafana: IDOR vulnerability can lead to information disclosure" }, { "cve": "CVE-2022-28131", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107390" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: encoding/xml: stack exhaustion in Decoder.Skip", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-28131" }, { "category": "external", "summary": "RHBZ#2107390", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28131" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131" }, { "category": "external", "summary": "https://go.dev/issue/53614", "url": "https://go.dev/issue/53614" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8057" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: encoding/xml: stack exhaustion in Decoder.Skip" }, { "cve": "CVE-2022-30630", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107371" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: io/fs: stack exhaustion in Glob", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30630" }, { "category": "external", "summary": "RHBZ#2107371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30630" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630" }, { "category": "external", "summary": "https://go.dev/issue/53415", "url": "https://go.dev/issue/53415" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8057" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: io/fs: stack exhaustion in Glob" }, { "cve": "CVE-2022-30631", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107342" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: compress/gzip: stack exhaustion in Reader.Read", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30631" }, { "category": "external", "summary": "RHBZ#2107342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30631" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631" }, { "category": "external", "summary": "https://go.dev/issue/53168", "url": "https://go.dev/issue/53168" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8057" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: compress/gzip: stack exhaustion in Reader.Read" }, { "cve": "CVE-2022-30632", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107386" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: path/filepath: stack exhaustion in Glob", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30632" }, { "category": "external", "summary": "RHBZ#2107386", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30632" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632" }, { "category": "external", "summary": "https://go.dev/issue/53416", "url": "https://go.dev/issue/53416" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8057" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: path/filepath: stack exhaustion in Glob" }, { "cve": "CVE-2022-30633", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107392" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: encoding/xml: stack exhaustion in Unmarshal", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30633" }, { "category": "external", "summary": "RHBZ#2107392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30633" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633" }, { "category": "external", "summary": "https://go.dev/issue/53611", "url": "https://go.dev/issue/53611" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8057" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: encoding/xml: stack exhaustion in Unmarshal" }, { "cve": "CVE-2022-30635", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107388" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: encoding/gob: stack exhaustion in Decoder.Decode", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30635" }, { "category": "external", "summary": "RHBZ#2107388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30635" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635" }, { "category": "external", "summary": "https://go.dev/issue/53615", "url": "https://go.dev/issue/53615" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8057" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: encoding/gob: stack exhaustion in Decoder.Decode" }, { "cve": "CVE-2022-32148", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2022-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107383" } ], "notes": [ { "category": "description", "text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-32148" }, { "category": "external", "summary": "RHBZ#2107383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32148" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148" }, { "category": "external", "summary": "https://go.dev/issue/53423", "url": "https://go.dev/issue/53423" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8057" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src", "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x", "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working" } ] }
rhsa-2022_7519
Vulnerability from csaf_redhat
Published
2022-11-08 09:34
Modified
2024-09-18 05:55
Summary
Red Hat Security Advisory: grafana security, bug fix, and enhancement update
Notes
Topic
An update for grafana is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
The following packages have been upgraded to a later upstream version: grafana (7.5.15). (BZ#2055348)
Security Fix(es):
* sanitize-url: XSS due to improper sanitization in sanitizeUrl function (CVE-2021-23648)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
* grafana: XSS vulnerability in data source handling (CVE-2022-21702)
* grafana: CSRF vulnerability can lead to privilege escalation (CVE-2022-21703)
* grafana: IDOR vulnerability can lead to information disclosure (CVE-2022-21713)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for grafana is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB. \n\nThe following packages have been upgraded to a later upstream version: grafana (7.5.15). (BZ#2055348)\n\nSecurity Fix(es):\n\n* sanitize-url: XSS due to improper sanitization in sanitizeUrl function (CVE-2021-23648)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* grafana: XSS vulnerability in data source handling (CVE-2022-21702)\n\n* grafana: CSRF vulnerability can lead to privilege escalation (CVE-2022-21703)\n\n* grafana: IDOR vulnerability can lead to information disclosure (CVE-2022-21713)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:7519", "url": "https://access.redhat.com/errata/RHSA-2022:7519" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index" }, { "category": "external", "summary": "2044628", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044628" }, { "category": "external", "summary": "2045880", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880" }, { "category": "external", "summary": "2050648", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050648" }, { "category": "external", "summary": "2050742", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050742" }, { "category": "external", "summary": "2050743", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050743" }, { "category": "external", "summary": "2055348", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055348" }, { "category": "external", "summary": "2065290", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065290" }, { "category": "external", "summary": "2107342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342" }, { "category": "external", "summary": "2107371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371" }, { "category": "external", "summary": "2107374", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374" }, { "category": "external", "summary": "2107376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376" }, { "category": "external", "summary": "2107383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383" }, { "category": "external", "summary": "2107386", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386" }, { "category": "external", "summary": "2107388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388" }, { "category": "external", "summary": "2107390", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390" }, { "category": "external", "summary": "2107392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_7519.json" } ], "title": "Red Hat Security Advisory: grafana security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-09-18T05:55:07+00:00", "generator": { "date": "2024-09-18T05:55:07+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2022:7519", "initial_release_date": "2022-11-08T09:34:04+00:00", "revision_history": [ { "date": "2022-11-08T09:34:04+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-08T09:34:04+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T05:55:07+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "grafana-0:7.5.15-3.el8.src", "product": { "name": "grafana-0:7.5.15-3.el8.src", "product_id": "grafana-0:7.5.15-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "grafana-0:7.5.15-3.el8.aarch64", "product": { "name": "grafana-0:7.5.15-3.el8.aarch64", "product_id": "grafana-0:7.5.15-3.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=aarch64" } } }, { "category": "product_version", "name": "grafana-debuginfo-0:7.5.15-3.el8.aarch64", "product": { "name": "grafana-debuginfo-0:7.5.15-3.el8.aarch64", "product_id": "grafana-debuginfo-0:7.5.15-3.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el8?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "grafana-0:7.5.15-3.el8.ppc64le", "product": { "name": "grafana-0:7.5.15-3.el8.ppc64le", "product_id": "grafana-0:7.5.15-3.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "product": { "name": "grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "product_id": "grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "grafana-0:7.5.15-3.el8.x86_64", "product": { "name": "grafana-0:7.5.15-3.el8.x86_64", "product_id": "grafana-0:7.5.15-3.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=x86_64" } } }, { "category": "product_version", "name": "grafana-debuginfo-0:7.5.15-3.el8.x86_64", "product": { "name": "grafana-debuginfo-0:7.5.15-3.el8.x86_64", "product_id": "grafana-debuginfo-0:7.5.15-3.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "grafana-0:7.5.15-3.el8.s390x", "product": { "name": "grafana-0:7.5.15-3.el8.s390x", "product_id": "grafana-0:7.5.15-3.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/grafana@7.5.15-3.el8?arch=s390x" } } }, { "category": "product_version", "name": "grafana-debuginfo-0:7.5.15-3.el8.s390x", "product": { "name": "grafana-debuginfo-0:7.5.15-3.el8.s390x", "product_id": "grafana-debuginfo-0:7.5.15-3.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "grafana-0:7.5.15-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64" }, "product_reference": "grafana-0:7.5.15-3.el8.aarch64", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "grafana-0:7.5.15-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le" }, "product_reference": "grafana-0:7.5.15-3.el8.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "grafana-0:7.5.15-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x" }, "product_reference": "grafana-0:7.5.15-3.el8.s390x", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "grafana-0:7.5.15-3.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src" }, "product_reference": "grafana-0:7.5.15-3.el8.src", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "grafana-0:7.5.15-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64" }, "product_reference": "grafana-0:7.5.15-3.el8.x86_64", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "grafana-debuginfo-0:7.5.15-3.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64" }, "product_reference": "grafana-debuginfo-0:7.5.15-3.el8.aarch64", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "grafana-debuginfo-0:7.5.15-3.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le" }, "product_reference": "grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "grafana-debuginfo-0:7.5.15-3.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x" }, "product_reference": "grafana-debuginfo-0:7.5.15-3.el8.s390x", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "grafana-debuginfo-0:7.5.15-3.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" }, "product_reference": "grafana-debuginfo-0:7.5.15-3.el8.x86_64", "relates_to_product_reference": "AppStream-8.7.0.GA" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-23648", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-03-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2065290" } ], "notes": [ { "category": "description", "text": "A flaw was found in sanitize-url due to improper sanitization in the sanitizeUrl function. This issue causes vulnerability to Cross-site Scripting in sanitize-url.", "title": "Vulnerability description" }, { "category": "summary", "text": "sanitize-url: XSS due to improper sanitization in sanitizeUrl function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-23648" }, { "category": "external", "summary": "RHBZ#2065290", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065290" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23648", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23648" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23648", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23648" }, { "category": "external", "summary": "https://github.com/braintree/sanitize-url/pull/40", "url": "https://github.com/braintree/sanitize-url/pull/40" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882", "url": "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882" } ], "release_date": "2022-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7519" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "sanitize-url: XSS due to improper sanitization in sanitizeUrl function" }, { "cve": "CVE-2022-1705", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107374" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: improper sanitization of Transfer-Encoding header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1705" }, { "category": "external", "summary": "RHBZ#2107374", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1705" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705" }, { "category": "external", "summary": "https://go.dev/issue/53188", "url": "https://go.dev/issue/53188" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7519" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: improper sanitization of Transfer-Encoding header" }, { "cve": "CVE-2022-1962", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107376" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: go/parser: stack exhaustion in all Parse* functions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1962" }, { "category": "external", "summary": "RHBZ#2107376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1962", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1962" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962" }, { "category": "external", "summary": "https://go.dev/issue/53616", "url": "https://go.dev/issue/53616" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7519" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: go/parser: stack exhaustion in all Parse* functions" }, { "cve": "CVE-2022-21673", "cwe": { "id": "CWE-201", "name": "Insertion of Sensitive Information Into Sent Data" }, "discovery_date": "2022-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044628" } ], "notes": [ { "category": "description", "text": "An information-disclosure flaw was found in grafana. When a data source has the Forward OAuth Identity feature enabled, sending a query to that data source with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This flaw allows API token holders to retrieve data to which they may not be authorized.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: Forward OAuth Identity Token can allow users to access some data sources", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21673" }, { "category": "external", "summary": "RHBZ#2044628", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044628" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21673", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21673" }, { "category": "external", "summary": "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/", "url": "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7519" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grafana: Forward OAuth Identity Token can allow users to access some data sources" }, { "cve": "CVE-2022-21698", "cwe": { "id": "CWE-772", "name": "Missing Release of Resource after Effective Lifetime" }, "discovery_date": "2022-01-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2045880" } ], "notes": [ { "category": "description", "text": "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream\u0027s (the Prometheus project) impact rating.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21698" }, { "category": "external", "summary": "RHBZ#2045880", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21698", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21698" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698" }, { "category": "external", "summary": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", "url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p" } ], "release_date": "2022-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7519" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter" }, { "cve": "CVE-2022-21702", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050648" } ], "notes": [ { "category": "description", "text": "A Cross-site scripting (XSS) vulnerability was found in the way Grafana handles data sources. This flaw allows an attacker to serve HTML content through the Grafana data source or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site scripting (XSS) attack. Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to other data sources connected to the same Grafana org.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: XSS vulnerability in data source handling", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21702" }, { "category": "external", "summary": "RHBZ#2050648", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050648" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21702", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21702" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21702", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21702" }, { "category": "external", "summary": "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g" }, { "category": "external", "summary": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", "url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/" } ], "release_date": "2022-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7519" }, { "category": "workaround", "details": "Please refer to the Grafana upstream advisory for possible workarounds for this issue.", "product_ids": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grafana: XSS vulnerability in data source handling" }, { "cve": "CVE-2022-21703", "cwe": { "id": "CWE-352", "name": "Cross-Site Request Forgery (CSRF)" }, "discovery_date": "2022-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050742" } ], "notes": [ { "category": "description", "text": "A Cross-site request forgery (CSRF) vulnerability was found in Grafana. This flaw allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, editors or admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges.", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: CSRF vulnerability can lead to privilege escalation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21703" }, { "category": "external", "summary": "RHBZ#2050742", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050742" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21703", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21703" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21703", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21703" }, { "category": "external", "summary": "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w" }, { "category": "external", "summary": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", "url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/" } ], "release_date": "2022-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7519" }, { "category": "workaround", "details": "Please refer to the Grafana upstream advisory for possible workarounds for this issue.", "product_ids": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grafana: CSRF vulnerability can lead to privilege escalation" }, { "cve": "CVE-2022-21713", "cwe": { "id": "CWE-425", "name": "Direct Request (\u0027Forced Browsing\u0027)" }, "discovery_date": "2022-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050743" } ], "notes": [ { "category": "description", "text": "An Insecure Direct Object Reference (IDOR) vulnerability was found on Grafana Teams APIs. This flaw impacts the `/teams/:teamId`, `/teams/:search`, `/teams/:teamId/members` API endpoints and may allow an authenticated attacker to view unintended data by querying for the specific team ID or search for teams and see the total number of available teams (including teams that the user does not have access to).", "title": "Vulnerability description" }, { "category": "summary", "text": "grafana: IDOR vulnerability can lead to information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21713" }, { "category": "external", "summary": "RHBZ#2050743", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050743" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21713", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21713" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21713", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21713" }, { "category": "external", "summary": "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv" }, { "category": "external", "summary": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", "url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/" } ], "release_date": "2022-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7519" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "grafana: IDOR vulnerability can lead to information disclosure" }, { "cve": "CVE-2022-28131", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107390" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: encoding/xml: stack exhaustion in Decoder.Skip", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-28131" }, { "category": "external", "summary": "RHBZ#2107390", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28131" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131" }, { "category": "external", "summary": "https://go.dev/issue/53614", "url": "https://go.dev/issue/53614" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7519" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: encoding/xml: stack exhaustion in Decoder.Skip" }, { "cve": "CVE-2022-30630", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107371" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: io/fs: stack exhaustion in Glob", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30630" }, { "category": "external", "summary": "RHBZ#2107371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30630" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630" }, { "category": "external", "summary": "https://go.dev/issue/53415", "url": "https://go.dev/issue/53415" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7519" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: io/fs: stack exhaustion in Glob" }, { "cve": "CVE-2022-30631", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107342" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: compress/gzip: stack exhaustion in Reader.Read", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30631" }, { "category": "external", "summary": "RHBZ#2107342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30631" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631" }, { "category": "external", "summary": "https://go.dev/issue/53168", "url": "https://go.dev/issue/53168" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7519" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: compress/gzip: stack exhaustion in Reader.Read" }, { "cve": "CVE-2022-30632", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107386" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: path/filepath: stack exhaustion in Glob", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30632" }, { "category": "external", "summary": "RHBZ#2107386", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30632" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632" }, { "category": "external", "summary": "https://go.dev/issue/53416", "url": "https://go.dev/issue/53416" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7519" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: path/filepath: stack exhaustion in Glob" }, { "cve": "CVE-2022-30633", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107392" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: encoding/xml: stack exhaustion in Unmarshal", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30633" }, { "category": "external", "summary": "RHBZ#2107392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30633" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633" }, { "category": "external", "summary": "https://go.dev/issue/53611", "url": "https://go.dev/issue/53611" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7519" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: encoding/xml: stack exhaustion in Unmarshal" }, { "cve": "CVE-2022-30635", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107388" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: encoding/gob: stack exhaustion in Decoder.Decode", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30635" }, { "category": "external", "summary": "RHBZ#2107388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30635" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635" }, { "category": "external", "summary": "https://go.dev/issue/53615", "url": "https://go.dev/issue/53615" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7519" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: encoding/gob: stack exhaustion in Decoder.Decode" }, { "cve": "CVE-2022-32148", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2022-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107383" } ], "notes": [ { "category": "description", "text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-32148" }, { "category": "external", "summary": "RHBZ#2107383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32148" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148" }, { "category": "external", "summary": "https://go.dev/issue/53423", "url": "https://go.dev/issue/53423" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7519" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.src", "AppStream-8.7.0.GA:grafana-0:7.5.15-3.el8.x86_64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.aarch64", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.ppc64le", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.s390x", "AppStream-8.7.0.GA:grafana-debuginfo-0:7.5.15-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working" } ] }
wid-sec-w-2022-0406
Vulnerability from csaf_certbund
Published
2022-01-18 23:00
Modified
2024-01-23 23:00
Summary
Grafana: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Grafana ist eine Open-Source Analyse- und Visualisierungssoftware.
Angriff
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Grafana ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Grafana ist eine Open-Source Analyse- und Visualisierungssoftware.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Grafana ausnutzen, um Sicherheitsvorkehrungen zu umgehen.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-0406 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0406.json" }, { "category": "self", "summary": "WID-SEC-2022-0406 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0406" }, { "category": "external", "summary": "Grafana 8.3.4 and 7.5.13 released vom 2022-01-18", "url": "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:0751-1 vom 2022-03-08", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010387.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0056 vom 2022-03-10", "url": "https://access.redhat.com/errata/RHSA-2022:0056" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:1396-1 vom 2022-04-25", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010822.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:2134-1 vom 2022-06-20", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011316.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6024 vom 2022-08-10", "url": "https://access.redhat.com/errata/RHSA-2022:6024" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:3676-1 vom 2022-10-20", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012594.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7519 vom 2022-11-08", "url": "https://access.redhat.com/errata/RHSA-2022:7519" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8057 vom 2022-11-15", "url": "https://access.redhat.com/errata/RHSA-2022:8057" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0191-1 vom 2024-01-23", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017744.html" } ], "source_lang": "en-US", "title": "Grafana: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen", "tracking": { "current_release_date": "2024-01-23T23:00:00.000+00:00", "generator": { "date": "2024-02-15T16:49:29.785+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-0406", "initial_release_date": "2022-01-18T23:00:00.000+00:00", "revision_history": [ { "date": "2022-01-18T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-03-08T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2022-03-10T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-04-10T22:00:00.000+00:00", "number": "4", "summary": "Referenz(en) aufgenommen: FEDORA-2022-C5383675D9, FEDORA-2022-9DD03CAB55, FEDORA-2022-83405F9D5B" }, { "date": "2022-04-25T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2022-06-20T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2022-08-09T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-10-20T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2022-11-08T23:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-11-15T23:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-01-23T23:00:00.000+00:00", "number": "11", "summary": "Neue Updates von SUSE aufgenommen" } ], "status": "final", "version": "11" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Open Source Grafana \u003c 7.5.13", "product": { "name": "Open Source Grafana \u003c 7.5.13", "product_id": "T021766", "product_identification_helper": { "cpe": "cpe:/a:grafana:grafana:7.5.13" } } }, { "category": "product_name", "name": "Open Source Grafana \u003c 8.3.4", "product": { "name": "Open Source Grafana \u003c 8.3.4", "product_id": "T021767", "product_identification_helper": { "cpe": "cpe:/a:grafana:grafana:8.3.4" } } } ], "category": "product_name", "name": "Grafana" } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-21673", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Grafana im Zusammenhang mit OAuth Access Tokens und API Keys. Wenn die \"OAuth-Weiterleitung f\u00fcr Datenquellen\" aktiviert ist, leitet Grafana das OAuth Access Token des zuletzt angemeldeten Benutzers weiter, anstatt das bereitgestellte API-Token. Ein Angreifer kann dies ausnutzen, um Sicherheitsmechanismen zu umgehen." } ], "product_status": { "known_affected": [ "T002207", "67646" ] }, "release_date": "2022-01-18T23:00:00Z", "title": "CVE-2022-21673" } ] }
gsd-2022-21673
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2022-21673", "description": "Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4.", "id": "GSD-2022-21673", "references": [ "https://www.suse.com/security/cve/CVE-2022-21673.html", "https://access.redhat.com/errata/RHSA-2022:0056", "https://access.redhat.com/errata/RHSA-2022:6024", "https://access.redhat.com/errata/RHSA-2022:7519", "https://access.redhat.com/errata/RHSA-2022:8057" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2022-21673" ], "details": "Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4.", "id": "GSD-2022-21673", "modified": "2023-12-13T01:19:14.580586Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-21673", "STATE": "PUBLIC", "TITLE": "OAuth Identity Token exposure in Grafana" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "grafana", "version": { "version_data": [ { "version_value": "\u003e= 7.2.0, \u003c 7.5.13" }, { "version_value": "\u003e= 8.0.0, \u003c 8.3.4" } ] } } ] }, "vendor_name": "grafana" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4", "refsource": "CONFIRM", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4" }, { "name": "https://github.com/grafana/grafana/releases/tag/v7.5.13", "refsource": "MISC", "url": "https://github.com/grafana/grafana/releases/tag/v7.5.13" }, { "name": "https://github.com/grafana/grafana/releases/tag/v8.3.4", "refsource": "MISC", "url": "https://github.com/grafana/grafana/releases/tag/v8.3.4" }, { "name": "https://security.netapp.com/advisory/ntap-20220303-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220303-0004/" }, { "name": "FEDORA-2022-83405f9d5b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/" }, { "name": "FEDORA-2022-9dd03cab55", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/" }, { "name": "FEDORA-2022-c5383675d9", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/" } ] }, "source": { "advisory": "GHSA-8wjh-59cw-9xh4", "discovery": "UNKNOWN" } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.3.4", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.5.13", "versionStartIncluding": "7.2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-21673" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4" }, { "name": "https://github.com/grafana/grafana/releases/tag/v8.3.4", "refsource": "MISC", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/grafana/grafana/releases/tag/v8.3.4" }, { "name": "https://github.com/grafana/grafana/releases/tag/v7.5.13", "refsource": "MISC", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/grafana/grafana/releases/tag/v7.5.13" }, { "name": "https://security.netapp.com/advisory/ntap-20220303-0004/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220303-0004/" }, { "name": "FEDORA-2022-83405f9d5b", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/" }, { "name": "FEDORA-2022-9dd03cab55", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/" }, { "name": "FEDORA-2022-c5383675d9", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4 } }, "lastModifiedDate": "2023-07-24T13:54Z", "publishedDate": "2022-01-18T22:15Z" } } }
Loading...