Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2022-2806
Vulnerability from cvelistv5
Published
2022-09-01 19:58
Modified
2024-08-03 00:52
Severity ?
EPSS score ?
Summary
It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://github.com/sosreport/sos/pull/2947 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sosreport/sos/pull/2947 | Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | ovirt-log-collector |
Version: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:52:59.579Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/sosreport/sos/pull/2947" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ovirt-log-collector", "vendor": "n/a", "versions": [ { "status": "affected", "version": "sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev" } ] } ], "descriptions": [ { "lang": "en", "value": "It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-01T19:58:50", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/sosreport/sos/pull/2947" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-2806", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ovirt-log-collector", "version": { "version_data": [ { "version_value": "sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/sosreport/sos/pull/2947", "refsource": "MISC", "url": "https://github.com/sosreport/sos/pull/2947" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-2806", "datePublished": "2022-09-01T19:58:50", "dateReserved": "2022-08-12T00:00:00", "dateUpdated": "2024-08-03T00:52:59.579Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-2806\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-09-01T21:15:09.860\",\"lastModified\":\"2024-11-21T07:01:43.710\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev\"},{\"lang\":\"es\",\"value\":\"Se ha detectado que ovirt-log-collector/sosreport recoge la contrase\u00f1a de administrador de RHV sin filtrar. Corregido en: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sos_project:sos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.2-20.el8_6\",\"matchCriteriaId\":\"39538BB7-6922-4763-BF40-0B632E7C57E8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ovirt:log_collector:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.4.7-2.el8ev\",\"matchCriteriaId\":\"8DF18B53-7F21-4061-A413-8B06488FA293\"}]}]}],\"references\":[{\"url\":\"https://github.com/sosreport/sos/pull/2947\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/sosreport/sos/pull/2947\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}" } }
rhsa-2022_6393
Vulnerability from csaf_redhat
Published
2022-09-08 11:31
Modified
2024-12-18 00:36
Summary
Red Hat Security Advisory: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security update
Notes
Topic
Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
Security Fix(es):
* nodejs-underscore: Arbitrary code execution via the template function (CVE-2021-23358)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
* ovirt-log-collector: RHVM admin password is logged unfiltered (CVE-2022-2806)
* springframework: malicious input leads to insertion of additional log entries (CVE-2021-22096)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Previously, running engine-setup did not always renew OVN certificates close to expiration or expired. With this release, OVN certificates are always renewed by engine-setup when needed. (BZ#2097558)
* Previously, the Manager issued warnings of approaching certificate expiration before engine-setup could update certificates. In this release expiration warnings and certificate update periods are aligned, and certificates are updated as soon as expiration warnings occur. (BZ#2097725)
* With this release, OVA export or import work on hosts with a non-standard SSH port. (BZ#2104939)
* With this release, the certificate validity test is compatible with RHEL 8 and RHEL 7 based hypervisors. (BZ#2107250)
* RHV 4.4 SP1 and later are only supported on RHEL 8.6, customers cannot use RHEL 8.7 or later, and must stay with RHEL 8.6 EUS. (BZ#2108985)
* Previously, importing templates from the Administration Portal did not work. With this release, importing templates from the Administration Portal is possible. (BZ#2109923)
* ovirt-provider-ovn certificate expiration is checked along with other RHV certificates. If ovirt-provider-ovn is about to expire or already expired, a warning or alert is raised in the audit log. To renew the ovirt-provider-ovn certificate, administators must run engine-setup. If your ovirt-provider-ovn certificate expires on a previous RHV version, upgrade to RHV 4.4 SP1 batch 2 or later, and ovirt-provider-ovn certificate will be renewed automatically in the engine-setup. (BZ#2097560)
* Previously, when importing a virtual machine with manual CPU pinning, the manual pinning string was cleared, but the CPU pinning policy was not set to NONE. As a result, importing failed. In this release, the CPU pinning policy is set to NONE if the CPU pinning string is cleared, and importing succeeds. (BZ#2104115)
* Previously, the Manager could start a virtual machine with a Resize and Pin NUMA policy on a host without an equal number of physical sockets to NUMA nodes. As a result, wrong pinning was assigned to the policy. With this release, the Manager does not allow the virtual machine to be scheduled on such a virtual machine, and the pinning is correct based on the algorithm. (BZ#1955388)
* Rebase package(s) to version: 4.4.7.
Highlights, important fixes, or notable enhancements: fixed BZ#2081676 (BZ#2104831)
* In this release, rhv-log-collector-analyzer provides detailed output for each problematic image, including disk names, associated virtual machine, the host running the virtual machine, snapshots, and current SPM. The detailed view is now the default. The compact option can be set by using the --compact switch in the command line. (BZ#2097536)
* UnboundID LDAP SDK has been rebased on upstream version 6.0.4. See https://github.com/pingidentity/ldapsdk/releases for changes since version 4.0.14 (BZ#2092478)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.\n\nSecurity Fix(es):\n\n* nodejs-underscore: Arbitrary code execution via the template function (CVE-2021-23358)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods (CVE-2020-11023)\n\n* ovirt-log-collector: RHVM admin password is logged unfiltered (CVE-2022-2806)\n\n* springframework: malicious input leads to insertion of additional log entries (CVE-2021-22096)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Previously, running engine-setup did not always renew OVN certificates close to expiration or expired. With this release, OVN certificates are always renewed by engine-setup when needed. (BZ#2097558)\n\n* Previously, the Manager issued warnings of approaching certificate expiration before engine-setup could update certificates. In this release expiration warnings and certificate update periods are aligned, and certificates are updated as soon as expiration warnings occur. (BZ#2097725)\n\n* With this release, OVA export or import work on hosts with a non-standard SSH port. (BZ#2104939)\n\n* With this release, the certificate validity test is compatible with RHEL 8 and RHEL 7 based hypervisors. (BZ#2107250)\n\n* RHV 4.4 SP1 and later are only supported on RHEL 8.6, customers cannot use RHEL 8.7 or later, and must stay with RHEL 8.6 EUS. (BZ#2108985)\n\n* Previously, importing templates from the Administration Portal did not work. With this release, importing templates from the Administration Portal is possible. (BZ#2109923)\n\n* ovirt-provider-ovn certificate expiration is checked along with other RHV certificates. If ovirt-provider-ovn is about to expire or already expired, a warning or alert is raised in the audit log. To renew the ovirt-provider-ovn certificate, administators must run engine-setup. If your ovirt-provider-ovn certificate expires on a previous RHV version, upgrade to RHV 4.4 SP1 batch 2 or later, and ovirt-provider-ovn certificate will be renewed automatically in the engine-setup. (BZ#2097560)\n\n* Previously, when importing a virtual machine with manual CPU pinning, the manual pinning string was cleared, but the CPU pinning policy was not set to NONE. As a result, importing failed. In this release, the CPU pinning policy is set to NONE if the CPU pinning string is cleared, and importing succeeds. (BZ#2104115)\n\n* Previously, the Manager could start a virtual machine with a Resize and Pin NUMA policy on a host without an equal number of physical sockets to NUMA nodes. As a result, wrong pinning was assigned to the policy. With this release, the Manager does not allow the virtual machine to be scheduled on such a virtual machine, and the pinning is correct based on the algorithm. (BZ#1955388)\n\n* Rebase package(s) to version: 4.4.7.\nHighlights, important fixes, or notable enhancements: fixed BZ#2081676 (BZ#2104831)\n\n* In this release, rhv-log-collector-analyzer provides detailed output for each problematic image, including disk names, associated virtual machine, the host running the virtual machine, snapshots, and current SPM. The detailed view is now the default. The compact option can be set by using the --compact switch in the command line. (BZ#2097536)\n\n* UnboundID LDAP SDK has been rebased on upstream version 6.0.4. See https://github.com/pingidentity/ldapsdk/releases for changes since version 4.0.14 (BZ#2092478)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6393", "url": "https://access.redhat.com/errata/RHSA-2022:6393" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "1850004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004" }, { "category": "external", "summary": "1939284", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939284" }, { "category": "external", "summary": "1944286", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944286" }, { "category": "external", "summary": "1955388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955388" }, { "category": "external", "summary": "1974974", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974974" }, { "category": "external", "summary": "2034584", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034584" }, { "category": "external", "summary": "2080005", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080005" }, { "category": "external", "summary": "2092478", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092478" }, { "category": "external", "summary": "2094577", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094577" }, { "category": "external", "summary": "2097536", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097536" }, { "category": "external", "summary": "2097558", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097558" }, { "category": "external", "summary": "2097560", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097560" }, { "category": "external", "summary": "2097725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097725" }, { "category": "external", "summary": "2104115", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104115" }, { "category": "external", "summary": "2104831", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104831" }, { "category": "external", "summary": "2104939", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104939" }, { "category": "external", "summary": "2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "2107250", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107250" }, { "category": "external", "summary": "2107267", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107267" }, { "category": "external", "summary": "2108985", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108985" }, { "category": "external", "summary": "2109923", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2109923" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6393.json" } ], "title": "Red Hat Security Advisory: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security update", "tracking": { "current_release_date": "2024-12-18T00:36:07+00:00", "generator": { "date": "2024-12-18T00:36:07+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2022:6393", "initial_release_date": "2022-09-08T11:31:04+00:00", "revision_history": [ { "date": "2022-09-08T11:31:04+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-09-08T11:31:04+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-18T00:36:07+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product": { "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8" } } } ], "category": "product_family", "name": "Red Hat Virtualization" }, { "branches": [ { "category": "product_version", "name": "unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "product": { "name": "unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "product_id": "unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/unboundid-ldapsdk@6.0.4-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "product": { "name": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "product_id": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-ui-extensions@1.3.5-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "ovirt-web-ui-0:1.9.1-1.el8ev.src", "product": { "name": "ovirt-web-ui-0:1.9.1-1.el8ev.src", "product_id": "ovirt-web-ui-0:1.9.1-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-web-ui@1.9.1-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "product": { "name": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "product_id": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhv-log-collector-analyzer@1.0.15-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "product": { "name": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "product_id": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-extension-aaa-ldap@1.4.6-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "product": { "name": "ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "product_id": "ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dwh@4.5.4-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "ovirt-log-collector-0:4.4.7-2.el8ev.src", "product": { "name": "ovirt-log-collector-0:4.4.7-2.el8ev.src", "product_id": "ovirt-log-collector-0:4.4.7-2.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-log-collector@4.4.7-2.el8ev?arch=src" } } }, { "category": "product_version", "name": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "product": { "name": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "product_id": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/vdsm-jsonrpc-java@1.7.2-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "product": { "name": "ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "product_id": "ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine@4.5.2.4-0.1.el8ev?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "product": { "name": "unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "product_id": "unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/unboundid-ldapsdk@6.0.4-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "product": { "name": "unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "product_id": "unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/unboundid-ldapsdk-javadoc@6.0.4-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "product": { "name": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "product_id": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-ui-extensions@1.3.5-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "product": { "name": "ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "product_id": "ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-web-ui@1.9.1-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "product": { "name": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "product_id": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhv-log-collector-analyzer@1.0.15-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "product": { "name": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "product_id": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-extension-aaa-ldap@1.4.6-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "product": { "name": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "product_id": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-extension-aaa-ldap-setup@1.4.6-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "product": { "name": "ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "product_id": "ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dwh@4.5.4-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "product": { "name": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "product_id": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dwh-grafana-integration-setup@4.5.4-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "product": { "name": "ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "product_id": "ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dwh-setup@4.5.4-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "product": { "name": "ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "product_id": "ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-log-collector@4.4.7-2.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "product": { "name": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "product_id": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/vdsm-jsonrpc-java@1.7.2-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch", "product": { "name": "vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch", "product_id": "vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/vdsm-jsonrpc-java-javadoc@1.7.2-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-backend@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-health-check-bundler@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-imageio@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-tools@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-ovirt-engine-lib@4.5.2.4-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "rhvm-0:4.5.2.4-0.1.el8ev.noarch", "product": { "name": "rhvm-0:4.5.2.4-0.1.el8ev.noarch", "product_id": "rhvm-0:4.5.2.4-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhvm@4.5.2.4-0.1.el8ev?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-0:4.5.2.4-0.1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src" }, "product_reference": "ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch" }, "product_reference": "ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dwh-0:4.5.4-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src" }, "product_reference": "ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch" }, "product_reference": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch" }, "product_reference": "ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch" }, "product_reference": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src" }, "product_reference": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch" }, "product_reference": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch" }, "product_reference": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src" }, "product_reference": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-log-collector-0:4.4.7-2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch" }, "product_reference": "ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-log-collector-0:4.4.7-2.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src" }, "product_reference": "ovirt-log-collector-0:4.4.7-2.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-web-ui-0:1.9.1-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch" }, "product_reference": "ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-web-ui-0:1.9.1-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src" }, "product_reference": "ovirt-web-ui-0:1.9.1-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch" }, "product_reference": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src" }, "product_reference": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhvm-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch" }, "product_reference": "rhvm-0:4.5.2.4-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch" }, "product_reference": "unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "unboundid-ldapsdk-0:6.0.4-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src" }, "product_reference": "unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch" }, "product_reference": "unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch" }, "product_reference": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src" }, "product_reference": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" }, "product_reference": "vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-11022", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-04-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828406" } ], "notes": [ { "category": "description", "text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", "title": "Vulnerability summary" }, { "category": "other", "text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch" ], "known_not_affected": [ "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11022" }, { "category": "external", "summary": "RHBZ#1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2" } ], "release_date": "2020-04-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-08T11:31:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6393" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method" }, { "cve": "CVE-2020-11023", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-06-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1850004" } ], "notes": [ { "category": "description", "text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. \n\nIn RHEL7, pcs-0.9.169-3.el7_9.3 [RHSA-2022:7343] contains an updated version of jquery (3.6.0), which does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch" ], "known_not_affected": [ "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11023" }, { "category": "external", "summary": "RHBZ#1850004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023" }, { "category": "external", "summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/" } ], "release_date": "2020-04-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-08T11:31:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6393" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods" }, { "cve": "CVE-2021-22096", "discovery_date": "2021-12-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2034584" } ], "notes": [ { "category": "description", "text": "In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.", "title": "Vulnerability description" }, { "category": "summary", "text": "springframework: malicious input leads to insertion of additional log entries", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch" ], "known_not_affected": [ "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-22096" }, { "category": "external", "summary": "RHBZ#2034584", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034584" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-22096", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22096" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22096", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22096" } ], "release_date": "2021-10-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-08T11:31:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6393" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "springframework: malicious input leads to insertion of additional log entries" }, { "cve": "CVE-2021-23358", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2021-03-29T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1944286" } ], "notes": [ { "category": "description", "text": "A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-underscore: Arbitrary code execution via the template function", "title": "Vulnerability summary" }, { "category": "other", "text": "Whilst the OpenShift Container Platform (OCP) openshift4/ose-grafana and openshift3/grafana as well as console, grc-ui and search-ui containers for Red Hat Advanced Management for Kubernetes (RHACM) include the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Additionally this library is used in openshift4/ose-grafana container only in Grafana End-to-End Test package. Therefore the impact by this flaw is reduced to Low and the affected OCP components are marked as \"will not fix\" at this time and to Moderate for the affected RHACM components. This might be fixed in a future release.\n\nRed Hat Enterprise Virtualization includes the vulnerable underscore library, however it is not parsing any untrusted data, therefore impact is reduced to Low.\n\nBelow Red Hat products include the underscore dependency, but it is not used by the product and hence this issue has been rated as having a security impact of Low.\n\n* Red Hat Quay\n* Red Hat Gluster Storage 3\n* Red Hat OpenShift Container Storage 4\n* Red Hat Ceph Storage 3 and 4", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src" ], "known_not_affected": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-23358" }, { "category": "external", "summary": "RHBZ#1944286", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944286" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23358", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23358" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358" } ], "release_date": "2021-03-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-08T11:31:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6393" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs-underscore: Arbitrary code execution via the template function" }, { "cve": "CVE-2022-2806", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2022-04-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2080005" } ], "notes": [ { "category": "description", "text": "A flaw was found in the ovirt-log-collector, which led to the logging of plaintext passwords in the log file. This flaw allows an attacker with sufficient privileges to read the log file, leading to a loss of confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "ovirt-log-collector: RHVM admin password is logged unfiltered", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src" ], "known_not_affected": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2806" }, { "category": "external", "summary": "RHBZ#2080005", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080005" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2806", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2806" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2806", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2806" } ], "release_date": "2022-05-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-08T11:31:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6393" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ovirt-log-collector: RHVM admin password is logged unfiltered" }, { "cve": "CVE-2022-31129", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-07-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2105075" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "moment: inefficient parsing algorithm resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src" ], "known_not_affected": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31129" }, { "category": "external", "summary": "RHBZ#2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g" } ], "release_date": "2022-07-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-08T11:31:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6393" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src", "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src", "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "moment: inefficient parsing algorithm resulting in DoS" } ] }
ghsa-7pf9-7cff-f854
Vulnerability from github
Published
2022-09-02 00:01
Modified
2024-04-08 19:03
Severity ?
Summary
sosreport Exposure of Sensitive Information vulnerability
Details
It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "sosreport" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "4.4" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2022-2806" ], "database_specific": { "cwe_ids": [ "CWE-200" ], "github_reviewed": true, "github_reviewed_at": "2024-04-08T19:03:02Z", "nvd_published_at": "2022-09-01T21:15:00Z", "severity": "MODERATE" }, "details": "It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev", "id": "GHSA-7pf9-7cff-f854", "modified": "2024-04-08T19:03:02Z", "published": "2022-09-02T00:01:01Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2806" }, { "type": "WEB", "url": "https://github.com/sosreport/sos/pull/2947" }, { "type": "WEB", "url": "https://github.com/sosreport/sos/commit/5fd872c64c53af37015f366295e0c2418c969757" }, { "type": "PACKAGE", "url": "https://github.com/sosreport/sos" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ], "summary": "sosreport Exposure of Sensitive Information vulnerability" }
gsd-2022-2806
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev
Aliases
Aliases
{ "GSD": { "alias": "CVE-2022-2806", "description": "It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev", "id": "GSD-2022-2806", "references": [ "https://advisories.mageia.org/CVE-2022-2806.html", "https://access.redhat.com/errata/RHSA-2022:6393", "https://ubuntu.com/security/CVE-2022-2806" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2022-2806" ], "details": "It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev", "id": "GSD-2022-2806", "modified": "2023-12-13T01:19:19.757089Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-2806", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ovirt-log-collector", "version": { "version_data": [ { "version_value": "sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/sosreport/sos/pull/2947", "refsource": "MISC", "url": "https://github.com/sosreport/sos/pull/2947" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003c4.2-20.el8_6", "affected_versions": "All versions before 4.2-20.el8_6", "cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-09-07", "description": "It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev", "fixed_versions": [], "identifier": "CVE-2022-2806", "identifiers": [ "CVE-2022-2806" ], "not_impacted": "", "package_slug": "pypi/sosreport", "pubdate": "2022-09-01", "solution": "Unfortunately, there is no solution available yet.", "title": "Exposure of Sensitive Information to an Unauthorized Actor", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2022-2806", "https://github.com/sosreport/sos/pull/2947" ], "uuid": "6dcf9f07-198b-4052-8e9c-fcbb543f2363" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:sos_project:sos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2-20.el8_6", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ovirt:log_collector:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.4.7-2.el8ev", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-2806" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/sosreport/sos/pull/2947", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/sosreport/sos/pull/2947" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6 } }, "lastModifiedDate": "2022-09-07T19:33Z", "publishedDate": "2022-09-01T21:15Z" } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.